Vulnerability CVE-2015-1187


Published: 2017-09-21

Description:
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Trendnet -> Tew-813dru firmware 
Trendnet -> Tew-652br firmware 
Trendnet -> Tew-711br firmware 
Trendnet -> Tew-731br firmware 
Trendnet -> Tew-651br firmware 
Trendnet -> Tew-810dr firmware 
D-link -> Dir-651 firmware 
D-link -> Dir-636l firmware 
D-link -> Dir-810l firmware 
D-link -> Dir-820l firmware 
D-link -> Dir-626l firmware 
D-link -> Dir-830l firmware 
D-link -> Dir-836l firmware 
D-link -> Dir-808l firmware 
D-link -> Dir-826l firmware 

 References:
http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html
http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html
http://seclists.org/fulldisclosure/2015/Mar/15
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052
http://www.securityfocus.com/bid/72848
https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2

Copyright 2024, cxsecurity.com

 

Back to Top