Vulnerability Description
The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-626L Firmware | 1.04 |
| Dlink | Dir-626L | - |
| Dlink | Dir-636L Firmware | 1.04 |
| Dlink | Dir-636L | - |
| Dlink | Dir-808L Firmware | 1.03 |
| Dlink | Dir-808L | - |
| Dlink | Dir-810L Firmware | 1.01 |
| Dlink | Dir-810L | - |
| Dlink | Dir-820L Firmware | 1.02 |
| Dlink | Dir-820L | - |
| Dlink | Dir-826L Firmware | 1.00 |
| Dlink | Dir-826L | - |
| Dlink | Dir-830L Firmware | 1.00 |
| Dlink | Dir-830L | - |
| Dlink | Dir-836L Firmware | 1.01 |
| Dlink | Dir-836L | - |
| Trendnet | Tew-731Br Firmware | 2.01 |
| Trendnet | Tew-731Br | - |
| Dlink | Dir-651 Firmware | 1.10na |
| Dlink | Dir-651 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Inject (Issue Tracking, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Exploit (Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2015/Mar/15 (Issue Tracking, Mailing List, Third Party Advisory)
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052 (Vendor Advisory)
- http://www.securityfocus.com/bid/72848 (Broken Link, Third Party Advisory, VDB Entry)
- https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2 (Broken Link, Issue Tracking, Mitigation)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015- (US Government Resource)
FAQ
What is CVE-2015-1187?
CVE-2015-1187 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
How severe is CVE-2015-1187?
CVE-2015-1187 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-1187?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-626L Firmware, Dlink Dir-626L, Dlink Dir-636L Firmware, Dlink Dir-636L, Dlink Dir-808L Firmware.