⚠ Actively exploited

Added to CISA KEV on 2022-03-25. Federal agencies required to patch by 2022-04-15. Required action: The impacted product is end-of-life and should be disconnected if still in use..

CVE-2015-1187

CWE-287 — Improper Authentication7 documents7 sources

Severity

9.8CRITICAL

EPSS

81.2%

top 0.83%

CISA KEV

KEV

Added 2022-03-25

Due 2022-04-15

Exploit

Exploited in wild

Active exploitation observed

Affected products

Dlink Dir-626l Firmware Dlink Dir-636l Firmware Dlink Dir-651 Firmware +10 more

Timeline

PublishedSep 21

KEV addedMar 25

KEV dueApr 15

Latest updateNov 8

CISA Required Action: The impacted product is end-of-life and should be disconnected if still in use.

Description

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages13 packages

▶NVDdlink/dir-651_firmware1.10na

▶NVDdlink/dir-626l_firmware1.04

▶NVDdlink/dir-636l_firmware1.04

▶NVDdlink/dir-808l_firmware1.03

▶NVDdlink/dir-810l_firmware1.01, 2.02+1

🔴Vulnerability Details

GHSA

GHSA-2cvq-m957-r86c: The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping↗2022-05-17

▶

CVEList

CVE-2015-1187: The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping↗2017-09-21

▶

VulnCheck

D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability↗2015

▶

💥Exploits & PoCs

Exploit-DB

D-Link/TRENDnet - NCC Service Command Injection (Metasploit)↗2015-02-26

▶

🔍Detection Rules

Suricata

ET EXPLOIT D-Link TRENDnet NCC Service Command Injection Attempt (CVE-2015-1187)↗2023-11-08

▶

📋Vendor Advisories

CISA

D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability↗2022-03-25

▶