PT-2014-1984 · D Link +1 · D-Link +1

Stephan Rickauer +1 · Published 2014-11-30 · Updated 2024-12-20 · CVE-2015-1187

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link devices (affected versions not specified)
TRENDnet devices (affected versions not specified)

Description

The issue is related to a remote code execution problem in the ping tool of multiple D-Link and TRENDnet devices. It is caused by weaknesses in the authentication procedure when handling the ping command, specifically via the ping addr parameter. This allows remote attackers to execute arbitrary code.

Recommendations

For D-Link devices, consider restricting access to the ping tool until a fix is available. For TRENDnet devices, avoid using the ping addr parameter in the ping command until the issue is resolved. As a temporary workaround, consider disabling the ping tool in both D-Link and TRENDnet devices to minimize the risk of exploitation.

Exploit

Fix

Command Injection

Improper Authentication

Weakness Enumeration

Related identifiers

BDU:2017-02306
BDU:2017-02307
BDU:2017-02308
BDU:2017-02309
BDU:2017-02310
BDU:2017-02311
BDU:2017-02312
BDU:2017-02313
BDU:2017-02314
BDU:2017-02315
BDU:2017-02316
BDU:2017-02317
BDU:2017-02318
BDU:2017-02319
BDU:2017-02320
CVE-2015-1187

Affected products

D-Link
TRENDnet