D-Link.Devices.HNAP.SOAPAction-Header.Command.Execution

Description

This indicates an attack attempt to exploit a Command Execution vulnerability in multiple D-Link routers.
The vulnerability is caused by an error when the vulnerable software handles a malicious HTTP request. A remote attacker may be able to exploit this to execute arbitrary code on vulnerable systems.

Outbreak Alert

FortiGuard Labs has observed various router vulnerabilities being exploited in the wild to distribute malware such as MooBot Malware, Lucifer Malware, BotenaGo Botnet, Zerobot Malware, Enemybot Malware.

View the full Outbreak Alert Report

Affected Products

D-Link DIR-645 FW v.104 and prior
D-Link DAP-1522 revB FW v.104 and prior
D-Link DAP-1650 revB FW v.104 and prior
D-Link DIR-880L FW v.104 and prior
D-Link DIR-865L FW v.104 and prior
D-Link DIR-860L revA FW v.104 and prior
D-Link DIR-860L revB FW v.104 and prior
D-Link DIR-815 revB FW v.104 and prior
D-Link DIR-300 revB FW v.104 and prior
D-Link DIR-600 revB FW v.104 and prior
D-Link DIR-645 FW v.104 and prior
D-Link TEW-751DR FW v.104 and prior
D-Link TEW-733GR FW v.104 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable system.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051