Intrusion PreventionD-Link.TRENDnet.NCC.Service.Command.Injection
Description
This indicates an attack attempt against a Command Injection vulnerability in several D-Link and TRENDnet devices.
The vulnerability is due to an input validation error while parsing a crafted HTTP request. A remote attacker could exploit this to execute arbitrary code within the context of the application, via a crafted HTTP.
Affected Products
D-Link DIR-626L (Rev A) v1.04b04 and prior
D-Link DIR-636L (Rev A) v1.04 and prior
D-Link DIR-808L (Rev A) v1.03b05 and prior
D-Link DIR-810L (Rev A) v1.01b04 and prior
D-Link DIR-810L (Rev B) v2.02b01 and prior
D-Link DIR-820L (Rev A) v1.02B10 and prior
D-Link DIR-820L (Rev A) v1.05B03 and prior
D-Link DIR-820L (Rev B) v2.01b02 and prior
D-Link DIR-826L (Rev A) v1.00b23 and prior
D-Link DIR-830L (Rev A) v1.00b07 and prior
D-Link DIR-836L (Rev A) v1.01b03 and prior
TRENDnet TEW-731BR (Rev 2) v2.01b01 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
References
SAP10052| ID | 40466 |
| Created | May 07, 2015 |
| Updated | Jul 17, 2023 |
| Risk |
|
| CVE ID | CVE-2015-1187 |
| Known Exploited | Yes |
| Exploit Prediction Score | 93.83% |
| Default Action | drop |
| Active | |
| Affected OS | Linux |
| Affected App | Other |