Intrusion Prevention

D-Link.TRENDnet.NCC.Service.Command.Injection

Description

This indicates an attack attempt against a Command Injection vulnerability in several D-Link and TRENDnet devices.
The vulnerability is due to an input validation error while parsing a crafted HTTP request. A remote attacker could exploit this with a crafted HTTP request to execute arbitrary code within the context of the application.

Affected Products

D-Link DIR-626L (Rev A) v1.04b04 and prior
D-Link DIR-636L (Rev A) v1.04 and prior
D-Link DIR-808L (Rev A) v1.03b05 and prior
D-Link DIR-810L (Rev A) v1.01b04 and prior
D-Link DIR-810L (Rev B) v2.02b01 and prior
D-Link DIR-820L (Rev A) v1.02B10 and prior
D-Link DIR-820L (Rev A) v1.05B03 and prior
D-Link DIR-820L (Rev B) v2.01b02 and prior
D-Link DIR-826L (Rev A) v1.00b23 and prior
D-Link DIR-830L (Rev A) v1.00b07 and prior
D-Link DIR-836L (Rev A) v1.01b03 and prior
TRENDnet TEW-731BR (Rev 2) v2.01b01 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052

CVE References

CVE-2015-1187

Other References

SAP10052