CVE-2015-1187

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html	Issue Tracking Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2015/Mar/15	Issue Tracking Mailing List Third Party Advisory
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052	Permissions Required Vendor Advisory
http://www.securityfocus.com/bid/72848	Third Party Advisory VDB Entry
https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2	Issue Tracking Mitigation Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-626l_firmware:1.04:b04:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-626l:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dlink:dir-636l_firmware:1.04:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-636l:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dlink:dir-808l_firmware:1.03:b05:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-808l:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dlink:dir-810l_firmware:1.01:b04:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-810l:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dlink:dir-810l_firmware:2.02:b01:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-810l:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dlink:dir-820l_firmware:1.02:b10:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-820l:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dlink:dir-820l_firmware:1.05:b03:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-820l:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dlink:dir-820l_firmware:2.01:b02:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-820l:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dlink:dir-826l_firmware:1.00:b23:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-826l:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dlink:dir-830l_firmware:1.00:b07:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-830l:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dlink:dir-836l_firmware:1.01:b03:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-836l:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:trendnet:tew-731br_firmware:2.01:b01:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-731br:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dlink:dir-651_firmware:1.10na:b02:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-651:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:trendnet:tew-651br_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-651br:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:trendnet:tew-652br_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-652br:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:trendnet:tew-711br_firmware:1.00:b31:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-711br:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:trendnet:tew-810dr_firmware:1.00:b19:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-810dr:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:trendnet:tew-813dru_firmware:1.00:b23:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-813dru:-:*:*:*:*:*:*:*

History

26 Apr 2023, 18:55

Type	Values Removed	Values Added
CPE	cpe:2.3:h:d-link:dir-830l:-:::::::* cpe:2.3:h:d-link:dir-820l:-:::::::* cpe:2.3:h:d-link:dir-826l:-:::::::* cpe:2.3:h:d-link:dir-836l:-:::::::* cpe:2.3:h:d-link:dir-651:-:::::::* cpe:2.3:h:d-link:dir-626l:-:::::::* cpe:2.3:h:d-link:dir-810l:-:::::::* cpe:2.3:h:d-link:dir-636l:-:::::::* cpe:2.3:h:d-link:dir-808l:-:::::::*	cpe:2.3:h:dlink:dir-651:-:::::::* cpe:2.3:h:dlink:dir-810l:-:::::::* cpe:2.3:h:dlink:dir-836l:-:::::::* cpe:2.3:h:dlink:dir-626l:-:::::::* cpe:2.3:h:dlink:dir-826l:-:::::::* cpe:2.3:h:dlink:dir-636l:-:::::::* cpe:2.3:h:dlink:dir-820l:-:::::::* cpe:2.3:h:dlink:dir-808l:-:::::::* cpe:2.3:h:dlink:dir-830l:-:::::::*

Information

Published : 2017-09-21 16:29

Updated : 2024-02-04 19:29

NVD link : CVE-2015-1187

Mitre link : CVE-2015-1187

CVE.ORG link : CVE-2015-1187

JSON object : View

Products Affected

dlink

dir-626l_firmware
dir-836l_firmware
dir-820l_firmware
dir-810l
dir-808l
dir-651_firmware
dir-830l
dir-830l_firmware
dir-651
dir-810l_firmware
dir-808l_firmware
dir-636l
dir-826l_firmware
dir-820l
dir-636l_firmware
dir-826l
dir-836l
dir-626l

trendnet

tew-652br_firmware
tew-813dru_firmware
tew-813dru
tew-711br_firmware
tew-810dr_firmware
tew-731br
tew-731br_firmware
tew-652br
tew-711br
tew-651br_firmware
tew-651br
tew-810dr

CWE

CWE-287

Improper Authentication

9.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2015-1187

9.8^/10

10.0^/10

Attach tags to `CVE-2015-1187`