[CVE-2015-1187] D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability

NVD 상세 정보

설명: The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.

CWE: CWE-287 | CWE-287

참조

• http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html [Issue Tracking, Third Party Advisory, VDB Entry]
• http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html [Exploit, Third Party Advisory, VDB Entry]
• http://seclists.org/fulldisclosure/2015/Mar/15 [Issue Tracking, Mailing List, Third Party Advisory]
• http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052 [Vendor Advisory]
• http://www.securityfocus.com/bid/72848 [Broken Link, Third Party Advisory, VDB Entry]
• https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2 [Broken Link, Issue Tracking, Mitigation, Third Party Advisory]
• http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html [Issue Tracking, Third Party Advisory, VDB Entry]
• http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html [Exploit, Third Party Advisory, VDB Entry]
• http://seclists.org/fulldisclosure/2015/Mar/15 [Issue Tracking, Mailing List, Third Party Advisory]
• http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052 [Vendor Advisory]
• http://www.securityfocus.com/bid/72848 [Broken Link, Third Party Advisory, VDB Entry]
• https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2 [Broken Link, Issue Tracking, Mitigation, Third Party Advisory]
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1187