PT-2014-1984 · D-Link +1 · D-Link +1

Stephan Rickauer +1 · Published 2014-11-30 · Updated 2024-12-20 · CVE-2015-1187

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link devices (affected versions not specified)
TRENDnet devices (affected versions not specified)

Description

The ping tool of multiple D-Link and TRENDnet devices is affected by a remote code execution vulnerability. It is caused by weaknesses in the authentication procedure when handling the ping command, specifically via the ping_addr parameter. This allows remote attackers to execute arbitrary code.

Recommendations

For D-Link devices, consider restricting access to the ping tool until a fix is available. For TRENDnet devices, avoid using the ping_addr parameter in the ping command until the issue is resolved. As a temporary workaround, consider disabling the ping tool on both D-Link and TRENDnet devices to minimize the risk of exploitation.

Exploit

Fix

Command Injection

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2017-02306
BDU:2017-02307
BDU:2017-02308
BDU:2017-02309
BDU:2017-02310
BDU:2017-02311
BDU:2017-02312
BDU:2017-02313
BDU:2017-02314
BDU:2017-02315
BDU:2017-02316
BDU:2017-02317
BDU:2017-02318
BDU:2017-02319
BDU:2017-02320
CVE-2015-1187

Affected Products

D-Link
TRENDnet