Vulnerability Details : CVE-2015-1187
Public exploit exists!
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
Vulnerability category: Execute code
Products affected by CVE-2015-1187
- cpe:2.3:o:dlink:dir-820l_firmware:1.05:b03:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-820l_firmware:1.02:b10:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-820l_firmware:2.01:b02:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-826l_firmware:1.00:b23:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-830l_firmware:1.00:b07:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-836l_firmware:1.01:b03:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-810l_firmware:1.01:b04:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-810l_firmware:2.02:b01:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-626l_firmware:1.04:b04:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-636l_firmware:1.04:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-651_firmware:1.10na:b02:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-808l_firmware:1.03:b05:*:*:*:*:*:*
- cpe:2.3:o:trendnet:tew-731br_firmware:2.01:b01:*:*:*:*:*:*
- cpe:2.3:o:trendnet:tew-651br_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:trendnet:tew-652br_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:trendnet:tew-711br_firmware:1.00:b31:*:*:*:*:*:*
- cpe:2.3:o:trendnet:tew-810dr_firmware:1.00:b19:*:*:*:*:*:*
- cpe:2.3:o:trendnet:tew-813dru_firmware:1.00:b23:*:*:*:*:*:*
CVE-2015-1187 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
CISA required action:
The impacted product is end-of-life and should be disconnected if still in use.
CISA description:
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2015-1187
Added on
2022-03-25
Action due date
2022-04-15
Exploit prediction scoring system (EPSS) score for CVE-2015-1187
78.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2015-1187
-
D-Link/TRENDnet NCC Service Command Injection
Disclosure Date: 2015-02-26First seen: 2020-04-26exploit/linux/http/multi_ncc_ping_execThis module exploits a remote command injection vulnerability on several routers. The vulnerability exists in the ncc service, while handling ping commands. This module has been tested on a DIR-626L emulated environment. Several D-Link and TRENDnet devices are report
CVSS scores for CVE-2015-1187
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-07 |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2015-1187
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2015-1187
-
https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2
secpub/Multivendor/ncc2 at master · darkarnium/secpub · GitHubIssue Tracking;Mitigation;Third Party Advisory;Broken Link
-
http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html
D-Link DIR636L Remote Command Injection ≈ Packet StormIssue Tracking;Third Party Advisory;VDB Entry
-
http://seclists.org/fulldisclosure/2015/Mar/15
Full Disclosure: CVE-2015-1187: D-Link DIR-636L Remote Command Injection - Incorrect AuthenticationIssue Tracking;Mailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html
D-Link/TRENDnet NCC Service Command Injection ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/72848
D-Link DIR-636L CVE-2015-1187 Remote Command Injection and Authentication Bypass VulnerabilitiesThird Party Advisory;VDB Entry;Broken Link
-
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052
D-Link Technical SupportVendor Advisory
Jump to