Intrusion Prevention

D-Link.Devices.HNAP.SOAPAction-Header.Command.Execution

Description

This indicates an attack attempt to exploit a Command Execution vulnerability in multiple D-Link routers.
The vulnerability is caused by an error when the vulnerable software handles a malicious HTTP request. A remote attacker may be able to exploit this to execute arbitrary code on vulnerable systems.

Affected Products

D-Link DIR-645 FW v.104 and prior
D-Link DAP-1522 revB FW v.104 and prior
D-Link DAP-1650 revB FW v.104 and prior
D-Link DIR-880L FW v.104 and prior
D-Link DIR-865L FW v.104 and prior
D-Link DIR-860L revA FW v.104 and prior
D-Link DIR-860L revB FW v.104 and prior
D-Link DIR-815 revB FW v.104 and prior
D-Link DIR-300 revB FW v.104 and prior
D-Link DIR-600 revB FW v.104 and prior
D-Link DIR-645 FW v.104 and prior
D-Link TEW-751DR FW v.104 and prior
D-Link TEW-733GR FW v.104 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable system.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051

CVE References

CVE-2015-2051