CVE-2015-1187
CRITICAL
9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
10,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,8123
Percentile
1,0th
Updated
EPSS Score Trend (Last 90 Days)
287
Improper Authentication
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Access Control
Potential Impacts:
Read Application Data
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
ICS/OT, Not Technology-Specific, Web Based
Exploit
D-Link/TRENDnet - NCC Service Command Injection (Metasploit)
VerifiedD-Link/TRENDnet - NCC Service Command Injection (Metasploit)
View Exploit Code →
Operating System
Dir-810L Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dir-810l_firmware:2.02:b01:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dir-826L Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dir-826l_firmware:1.00:b23:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tew-652Br Firmware by Trendnet
CPE Identifier
View Detailed Analysis
cpe:2.3:o:trendnet:tew-652br_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tew-810Dr Firmware by Trendnet
CPE Identifier
View Detailed Analysis
cpe:2.3:o:trendnet:tew-810dr_firmware:1.00:b19:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dir-651 Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dir-651_firmware:1.10na:b02:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tew-651Br Firmware by Trendnet
CPE Identifier
View Detailed Analysis
cpe:2.3:o:trendnet:tew-651br_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dir-820L Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dir-820l_firmware:1.02:b10:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tew-731Br Firmware by Trendnet
CPE Identifier
View Detailed Analysis
cpe:2.3:o:trendnet:tew-731br_firmware:2.01:b01:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dir-636L Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dir-636l_firmware:1.04:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dir-626L Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dir-626l_firmware:1.04:b04:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tew-813Dru Firmware by Trendnet
CPE Identifier
View Detailed Analysis
cpe:2.3:o:trendnet:tew-813dru_firmware:1.00:b23:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dir-820L Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dir-820l_firmware:2.01:b02:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dir-810L Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dir-810l_firmware:1.01:b04:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dir-808L Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dir-808l_firmware:1.03:b05:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dir-836L Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dir-836l_firmware:1.01:b03:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dir-830L Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dir-830l_firmware:1.00:b07:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Dir-820L Firmware by Dlink
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dlink:dir-820l_firmware:1.05:b03:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tew-711Br Firmware by Trendnet
CPE Identifier
View Detailed Analysis
cpe:2.3:o:trendnet:tew-711br_firmware:1.00:b31:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015…
http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injec…
http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command…
http://seclists.org/fulldisclosure/2015/Mar/15
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052
https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2
http://www.securityfocus.com/bid/72848
http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injec…
http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command…
http://seclists.org/fulldisclosure/2015/Mar/15
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052
https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2
http://www.securityfocus.com/bid/72848