Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2015-1187

Published: 21/09/2017 Updated: 08/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Dlink

Vulnerability Summary

The ping tool in multiple D-Link and TRENDnet devices allow remote malicious users to execute arbitrary code via the ping_addr parameter to ping.ccp.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

dlink dir-626l_firmware 1.04

dlink dir-636l_firmware 1.04

dlink dir-808l_firmware 1.03

dlink dir-810l_firmware 1.01

dlink dir-810l_firmware 2.02

dlink dir-820l_firmware 1.02

dlink dir-820l_firmware 1.05

dlink dir-820l_firmware 2.01

dlink dir-826l_firmware 1.00

dlink dir-830l_firmware 1.00

dlink dir-836l_firmware 1.01

trendnet tew-731br_firmware 2.01

dlink dir-651_firmware 1.10na

trendnet tew-651br_firmware -

trendnet tew-652br_firmware -

trendnet tew-711br_firmware 1.00

trendnet tew-810dr_firmware 1.00

trendnet tew-813dru_firmware 1.00

Exploits

Exploit DB: D-Link/TRENDnet - NCC Service Command Injection (Metasploit)
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking # Only tested on Emulated environment include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpSe ...
Exploit DB: D-Link DIR636L Remote Command Injection
D-Link DIR636L suffers from a remote command injection vulnerability ...

Recent Articles

Blackhat hack trick wallops popular routers
The Register • Darren Pauli • 26 May 2015

Sneaky DNS change doesn't need remote management.

A cybercrime vigilante known as Kafeine says criminals are hitting thousands of victims with a hacking tool that targets more than 40 router models. The well-known hacker says the novel attacks use cross-site request forgery and exploits against new and old bugs to change router DNS settings. This bypasses the need to target only routers with vulnerable remote services. Kafeine says the most popular routers can be targeted including Netgear, D-Link, and Asus to name a few. The hacker says the at...

Read more...

References

CWE-287https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2http://www.securityfocus.com/bid/72848http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052http://seclists.org/fulldisclosure/2015/Mar/15http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.htmlhttp://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.htmlhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/41677/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook