CVE-2015-1187: D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
First published: Thu Sep 21 2017(Updated: )
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link and TRENDnet Multiple Devices | ||
| All of | ||
| D-Link DIR-626L Firmware | =1.04-b04 | |
| D-Link DIR-626L | ||
| All of | ||
| D-Link DIR-636L Firmware | =1.04 | |
| D-Link DIR-636L | ||
| All of | ||
| D-Link DIR-808L Firmware | =1.03-b05 | |
| D-Link DIR-808L Firmware | ||
| All of | ||
| dlink DIR-810L | =1.01-b04 | |
| D-Link DIR-810L Firmware | ||
| All of | ||
| dlink DIR-810L | =2.02-b01 | |
| D-Link DIR-810L Firmware | ||
| All of | ||
| D-Link DIR-820L Firmware | =1.02-b10 | |
| D-Link DIR-820L Firmware | ||
| All of | ||
| D-Link DIR-820L Firmware | =1.05-b03 | |
| D-Link DIR-820L Firmware | ||
| All of | ||
| D-Link DIR-820L Firmware | =2.01-b02 | |
| D-Link DIR-820L Firmware | ||
| All of | ||
| Dlink Dir-826l Wireless N600 Cloud Router Firmware | =1.00-b23 | |
| Dlink Dir-826l Wireless N600 Cloud Router | ||
| All of | ||
| D-Link DIR-830L Firmware | =1.00-b07 | |
| D-Link DIR-830L | ||
| All of | ||
| D-Link DIR-836L Firmware | =1.01-b03 | |
| D-Link DIR-836L | ||
| All of | ||
| TRENDnet TEW-731BR Firmware | =2.01-b01 | |
| TRENDnet TEW-731BR Firmware | ||
| All of | ||
| Sick CLV651 Firmware | =1.10na-b02 | |
| D-Link DIR-651 | ||
| All of | ||
| TRENDnet TEW-651BR Firmware | ||
| TRENDnet tew-651br firmware | ||
| All of | ||
| TRENDnet TEW-652BRP firmware | ||
| TRENDnet TEW-652BRP firmware | ||
| All of | ||
| TRENDnet TEW-711BR Firmware | =1.00-b31 | |
| TRENDnet TEW-711BR Firmware | ||
| All of | ||
| TRENDnet TEW-810DR Firmware | =1.00-b19 | |
| TRENDnet TEW-810DR Firmware | ||
| All of | ||
| TRENDnet TEW-813DRU | =1.00-b23 | |
| TRENDnet TEW-813DRU | ||
| D-Link DIR-626L Firmware | =1.04-b04 | |
| D-Link DIR-626L | ||
| D-Link DIR-636L | =1.04 | |
| D-Link DIR-636L | ||
| D-Link DIR-808L Firmware | =1.03-b05 | |
| D-Link DIR-808L Firmware | ||
| D-Link DIR-810L Firmware | =1.01-b04 | |
| D-Link DIR-810L Firmware | ||
| D-Link DIR-810L Firmware | =2.02-b01 | |
| D-Link DIR-820 Firmware | =1.02-b10 | |
| D-Link DIR-820L Firmware | ||
| D-Link DIR-820 Firmware | =1.05-b03 | |
| D-Link DIR-820 Firmware | =2.01-b02 | |
| D-Link DIR-826L Firmware | =1.00-b23 | |
| Dlink Dir-826l Wireless N600 Cloud Router | ||
| D-Link DIR-830L Firmware | =1.00-b07 | |
| D-Link DIR-830L | ||
| D-Link DIR-836L Firmware | =1.01-b03 | |
| D-Link DIR-836L | ||
| TRENDnet TEW-731BR Firmware | =2.01-b01 | |
| TRENDnet TEW-731BR Firmware | ||
| D-Link DIR-651 Firmware | =1.10na-b02 | |
| D-Link DIR-651 | ||
| TRENDnet TEW-651BR Firmware | ||
| TRENDnet tew-651br firmware | ||
| TRENDnet TEW-652BRP firmware | ||
| TRENDnet TEW-652BRP firmware | ||
| TRENDnet TEW-711BR Firmware | =1.00-b31 | |
| TRENDnet TEW-711BR Firmware | ||
| TRENDnet TEW-810DR Firmware | =1.00-b19 | |
| TRENDnet TEW-810DR Firmware | ||
| TRENDnet TEW-813DRU | =1.00-b23 | |
| TRENDnet TEW-813DRU |
Remedy
The impacted product is end-of-life and should be disconnected if still in use.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html
- http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html
- http://seclists.org/fulldisclosure/2015/Mar/15
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052
- http://www.securityfocus.com/bid/72848
- https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2
- https://nvd.nist.gov/vuln/detail/CVE-2015-1187
Frequently Asked Questions
What is the severity of CVE-2015-1187?
CVE-2015-1187 has a high severity rating due to its potential for remote code execution.
How do I fix CVE-2015-1187?
To fix CVE-2015-1187, update the firmware of the affected D-Link and TRENDnet devices to the latest version.
Which devices are affected by CVE-2015-1187?
CVE-2015-1187 affects multiple D-Link and TRENDnet devices, including specific models like DIR-626L, DIR-636L, DIR-808L, DIR-810L, and others.
What kind of attack does CVE-2015-1187 enable?
CVE-2015-1187 enables remote attackers to execute arbitrary code on vulnerable devices.
Is CVE-2015-1187 under active exploitation?
There have been reports of CVE-2015-1187 being exploited in the wild, emphasizing the importance of remediation.
- agent/type
- agent/remedy
- agent/weakness
- agent/title
- agent/severity
- agent/description
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/event
- agent/trending
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- agent/softwarecombine
- vendor/d-link and trendnet
- canonical/d-link and trendnet multiple devices
- vendor/dlink
- canonical/d-link dir-626l firmware
- version/d-link dir-626l firmware/1.04-b04
- canonical/d-link dir-626l
- canonical/d-link dir-636l firmware
- version/d-link dir-636l firmware/1.04
- canonical/d-link dir-636l
- canonical/d-link dir-808l firmware
- version/d-link dir-808l firmware/1.03-b05
- canonical/dlink dir-810l
- version/dlink dir-810l/1.01-b04
- canonical/d-link dir-810l firmware
- version/dlink dir-810l/2.02-b01
- canonical/d-link dir-820l firmware
- version/d-link dir-820l firmware/1.02-b10
- version/d-link dir-820l firmware/1.05-b03
- version/d-link dir-820l firmware/2.01-b02
- canonical/dlink dir-826l wireless n600 cloud router firmware
- version/dlink dir-826l wireless n600 cloud router firmware/1.00-b23
- canonical/dlink dir-826l wireless n600 cloud router
- canonical/d-link dir-830l firmware
- version/d-link dir-830l firmware/1.00-b07
- canonical/d-link dir-830l
- canonical/d-link dir-836l firmware
- version/d-link dir-836l firmware/1.01-b03
- canonical/d-link dir-836l
- vendor/trendnet
- canonical/trendnet tew-731br firmware
- version/trendnet tew-731br firmware/2.01-b01
- canonical/sick clv651 firmware
- version/sick clv651 firmware/1.10na-b02
- canonical/d-link dir-651
- canonical/trendnet tew-651br firmware
- canonical/trendnet tew-652brp firmware
- canonical/trendnet tew-711br firmware
- version/trendnet tew-711br firmware/1.00-b31
- canonical/trendnet tew-810dr firmware
- version/trendnet tew-810dr firmware/1.00-b19
- canonical/trendnet tew-813dru
- version/trendnet tew-813dru/1.00-b23
- vendor/d-link
- version/d-link dir-636l/1.04
- version/d-link dir-810l firmware/1.01-b04
- version/d-link dir-810l firmware/2.02-b01
- canonical/d-link dir-820 firmware
- version/d-link dir-820 firmware/1.02-b10
- version/d-link dir-820 firmware/1.05-b03
- version/d-link dir-820 firmware/2.01-b02
- canonical/d-link dir-826l firmware
- version/d-link dir-826l firmware/1.00-b23
- canonical/d-link dir-651 firmware
- version/d-link dir-651 firmware/1.10na-b02