10

CVE-2015-1187

Warning
Exploit

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.

Data is provided by the National Vulnerability Database (NVD)
DlinkDir-626l Firmware Version1.04 Updateb04
   DlinkDir-626l Version-
DlinkDir-636l Firmware Version1.04
   DlinkDir-636l Version-
DlinkDir-808l Firmware Version1.03 Updateb05
   DlinkDir-808l Version-
DlinkDir-810l Firmware Version1.01 Updateb04
   DlinkDir-810l Version-
DlinkDir-810l Firmware Version2.02 Updateb01
   DlinkDir-810l Version-
DlinkDir-820l Firmware Version1.02 Updateb10
   DlinkDir-820l Version-
DlinkDir-820l Firmware Version1.05 Updateb03
   DlinkDir-820l Version-
DlinkDir-820l Firmware Version2.01 Updateb02
   DlinkDir-820l Version-
DlinkDir-826l Firmware Version1.00 Updateb23
   DlinkDir-826l Version-
DlinkDir-830l Firmware Version1.00 Updateb07
   DlinkDir-830l Version-
DlinkDir-836l Firmware Version1.01 Updateb03
   DlinkDir-836l Version-
TrendnetTew-731br Firmware Version2.01 Updateb01
   TrendnetTew-731br Version-
DlinkDir-651 Firmware Version1.10na Updateb02
   DlinkDir-651 Version-
TrendnetTew-651br Firmware Version-
   TrendnetTew-651br Version-
TrendnetTew-652br Firmware Version-
   TrendnetTew-652br Version-
TrendnetTew-711br Firmware Version1.00 Updateb31
   TrendnetTew-711br Version-
TrendnetTew-810dr Firmware Version1.00 Updateb19
   TrendnetTew-810dr Version-
TrendnetTew-813dru Firmware Version1.00 Updateb23
   TrendnetTew-813dru Version-

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability

Vulnerability

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution.

Description

The impacted product is end-of-life and should be disconnected if still in use.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 78.16% 0.99
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://seclists.org/fulldisclosure/2015/Mar/15
Third Party Advisory
Mailing List
Issue Tracking
http://www.securityfocus.com/bid/72848
Third Party Advisory
Broken Link
VDB Entry
https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2
Third Party Advisory
Broken Link
Issue Tracking
Mitigation