D-Link.Devices.HNAP.SOAPAction-Header.Command.Execution
Description
This indicates an attack attempt to exploit a Command Execution vulnerability in multiple D-Link routers.
The vulnerability is caused by an error when the vulnerable software handles a malicious HTTP request. A remote attacker may be able to exploit this to execute arbitrary code on vulnerable systems.
Outbreak Alert
FortiGuard Labs has observed various router vulnerabilities being exploited in the wild to distribute malware such as MooBot Malware, Lucifer Malware, BotenaGo Botnet, Zerobot Malware, Enemybot Malware.
Affected Products
D-Link DIR-645 FW v.104 and prior
D-Link DAP-1522 revB FW v.104 and prior
D-Link DAP-1650 revB FW v.104 and prior
D-Link DIR-880L FW v.104 and prior
D-Link DIR-865L FW v.104 and prior
D-Link DIR-860L revA FW v.104 and prior
D-Link DIR-860L revB FW v.104 and prior
D-Link DIR-815 revB FW v.104 and prior
D-Link DIR-300 revB FW v.104 and prior
D-Link DIR-600 revB FW v.104 and prior
D-Link DIR-645 FW v.104 and prior
D-Link TEW-751DR FW v.104 and prior
D-Link TEW-733GR FW v.104 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable system.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |