CVE-2015-1187: D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
First published: Thu Sep 21 2017(Updated: )
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-link Dir-626l Firmware | =1.04-b04 | |
| Dlink Dir-626l | ||
| D-link Dir-636l Firmware | =1.04 | |
| Dlink Dir-636l | ||
| D-link Dir-808l Firmware | =1.03-b05 | |
| Dlink Dir-808l | ||
| D-link Dir-810l Firmware | =1.01-b04 | |
| Dlink Dir-810l | ||
| D-link Dir-810l Firmware | =2.02-b01 | |
| D-link Dir-820l Firmware | =1.02-b10 | |
| Dlink Dir-820l | ||
| D-link Dir-820l Firmware | =1.05-b03 | |
| D-link Dir-820l Firmware | =2.01-b02 | |
| D-link Dir-826l Firmware | =1.00-b23 | |
| Dlink Dir-826l | ||
| D-link Dir-830l Firmware | =1.00-b07 | |
| Dlink Dir-830l | ||
| D-link Dir-836l Firmware | =1.01-b03 | |
| Dlink Dir-836l | ||
| Trendnet Tew-731br Firmware | =2.01-b01 | |
| Trendnet Tew-731br | ||
| D-link Dir-651 Firmware | =1.10na-b02 | |
| Dlink Dir-651 | ||
| Trendnet Tew-651br Firmware | ||
| TRENDnet TEW-651BR | ||
| Trendnet Tew-652br Firmware | ||
| Trendnet Tew-652br | ||
| Trendnet Tew-711br Firmware | =1.00-b31 | |
| Trendnet Tew-711br | ||
| Trendnet Tew-810dr Firmware | =1.00-b19 | |
| Trendnet Tew-810dr | ||
| Trendnet Tew-813dru Firmware | =1.00-b23 | |
| Trendnet Tew-813dru | ||
| Dlink Dir-626l Firmware | =1.04-b04 | |
| Dlink Dir-636l Firmware | =1.04 | |
| Dlink Dir-808l Firmware | =1.03-b05 | |
| Dlink Dir-810l Firmware | =1.01-b04 | |
| Dlink Dir-810l Firmware | =2.02-b01 | |
| Dlink Dir-820l Firmware | =1.02-b10 | |
| Dlink Dir-820l Firmware | =1.05-b03 | |
| Dlink Dir-820l Firmware | =2.01-b02 | |
| Dlink Dir-826l Firmware | =1.00-b23 | |
| Dlink Dir-830l Firmware | =1.00-b07 | |
| Dlink Dir-836l Firmware | =1.01-b03 | |
| Dlink Dir-651 Firmware | =1.10na-b02 | |
| D-Link and TRENDnet Multiple Devices | ||
| All of | ||
| Dlink Dir-626l Firmware | =1.04-b04 | |
| Dlink Dir-626l | ||
| All of | ||
| Dlink Dir-636l Firmware | =1.04 | |
| Dlink Dir-636l | ||
| All of | ||
| Dlink Dir-808l Firmware | =1.03-b05 | |
| Dlink Dir-808l | ||
| All of | ||
| Dlink Dir-810l Firmware | =1.01-b04 | |
| Dlink Dir-810l | ||
| All of | ||
| Dlink Dir-810l Firmware | =2.02-b01 | |
| Dlink Dir-810l | ||
| All of | ||
| Dlink Dir-820l Firmware | =1.02-b10 | |
| Dlink Dir-820l | ||
| All of | ||
| Dlink Dir-820l Firmware | =1.05-b03 | |
| Dlink Dir-820l | ||
| All of | ||
| Dlink Dir-820l Firmware | =2.01-b02 | |
| Dlink Dir-820l | ||
| All of | ||
| Dlink Dir-826l Firmware | =1.00-b23 | |
| Dlink Dir-826l | ||
| All of | ||
| Dlink Dir-830l Firmware | =1.00-b07 | |
| Dlink Dir-830l | ||
| All of | ||
| Dlink Dir-836l Firmware | =1.01-b03 | |
| Dlink Dir-836l | ||
| All of | ||
| Trendnet Tew-731br Firmware | =2.01-b01 | |
| Trendnet Tew-731br | ||
| All of | ||
| Dlink Dir-651 Firmware | =1.10na-b02 | |
| Dlink Dir-651 | ||
| All of | ||
| Trendnet Tew-651br Firmware | ||
| TRENDnet TEW-651BR | ||
| All of | ||
| Trendnet Tew-652br Firmware | ||
| Trendnet Tew-652br | ||
| All of | ||
| Trendnet Tew-711br Firmware | =1.00-b31 | |
| Trendnet Tew-711br | ||
| All of | ||
| Trendnet Tew-810dr Firmware | =1.00-b19 | |
| Trendnet Tew-810dr | ||
| All of | ||
| Trendnet Tew-813dru Firmware | =1.00-b23 | |
| Trendnet Tew-813dru |
Remedy
The impacted product is end-of-life and should be disconnected if still in use.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html
- http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html
- http://seclists.org/fulldisclosure/2015/Mar/15
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052
- http://www.securityfocus.com/bid/72848
- https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2
- https://nvd.nist.gov/vuln/detail/CVE-2015-1187
- agent/author
- agent/type
- agent/remedy
- agent/weakness
- agent/title
- agent/severity
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- vendor/d-link
- canonical/d-link dir-626l firmware
- version/d-link dir-626l firmware/1.04-b04
- vendor/dlink
- canonical/dlink dir-626l
- canonical/d-link dir-636l firmware
- version/d-link dir-636l firmware/1.04
- canonical/dlink dir-636l
- canonical/d-link dir-808l firmware
- version/d-link dir-808l firmware/1.03-b05
- canonical/dlink dir-808l
- canonical/d-link dir-810l firmware
- version/d-link dir-810l firmware/1.01-b04
- canonical/dlink dir-810l
- version/d-link dir-810l firmware/2.02-b01
- canonical/d-link dir-820l firmware
- version/d-link dir-820l firmware/1.02-b10
- canonical/dlink dir-820l
- version/d-link dir-820l firmware/1.05-b03
- version/d-link dir-820l firmware/2.01-b02
- canonical/d-link dir-826l firmware
- version/d-link dir-826l firmware/1.00-b23
- canonical/dlink dir-826l
- canonical/d-link dir-830l firmware
- version/d-link dir-830l firmware/1.00-b07
- canonical/dlink dir-830l
- canonical/d-link dir-836l firmware
- version/d-link dir-836l firmware/1.01-b03
- canonical/dlink dir-836l
- vendor/trendnet
- canonical/trendnet tew-731br firmware
- version/trendnet tew-731br firmware/2.01-b01
- canonical/trendnet tew-731br
- canonical/d-link dir-651 firmware
- version/d-link dir-651 firmware/1.10na-b02
- canonical/dlink dir-651
- canonical/trendnet tew-651br firmware
- canonical/trendnet tew-651br
- canonical/trendnet tew-652br firmware
- canonical/trendnet tew-652br
- canonical/trendnet tew-711br firmware
- version/trendnet tew-711br firmware/1.00-b31
- canonical/trendnet tew-711br
- canonical/trendnet tew-810dr firmware
- version/trendnet tew-810dr firmware/1.00-b19
- canonical/trendnet tew-810dr
- canonical/trendnet tew-813dru firmware
- version/trendnet tew-813dru firmware/1.00-b23
- canonical/trendnet tew-813dru
- canonical/dlink dir-626l firmware
- version/dlink dir-626l firmware/1.04-b04
- canonical/dlink dir-636l firmware
- version/dlink dir-636l firmware/1.04
- canonical/dlink dir-808l firmware
- version/dlink dir-808l firmware/1.03-b05
- canonical/dlink dir-810l firmware
- version/dlink dir-810l firmware/1.01-b04
- version/dlink dir-810l firmware/2.02-b01
- canonical/dlink dir-820l firmware
- version/dlink dir-820l firmware/1.02-b10
- version/dlink dir-820l firmware/1.05-b03
- version/dlink dir-820l firmware/2.01-b02
- canonical/dlink dir-826l firmware
- version/dlink dir-826l firmware/1.00-b23
- canonical/dlink dir-830l firmware
- version/dlink dir-830l firmware/1.00-b07
- canonical/dlink dir-836l firmware
- version/dlink dir-836l firmware/1.01-b03
- canonical/dlink dir-651 firmware
- version/dlink dir-651 firmware/1.10na-b02
- vendor/d-link and trendnet
- canonical/d-link and trendnet multiple devices