D-Link.Realtek.SDK.Miniigd.UPnP.SOAP.Command.Execution

Description

This indicates an attack attempt to exploit a Command Execution vulnerability in multiple D-Link routers.
The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious SOAP/XML file. A remote attacker may be able to exploit this to execute arbitrary code on vulnerable systems.

Outbreak Alert

FortiGuard Labs continues to see Realtek SDK vulnerabilities being exploited in the wild, with an average of over 10,000 IPS detections per month, to deploy and distribute denial-of-service botnet malware such as the new Hinata Botnet, RedGoBot, GooberBot and Mirai-based botnet.

Affected Products

D-Link DIR-501 miniigd v1.08 and prior
D-Link DIR-515 miniigd v1.08 and prior
D-Link DIR-600L miniigd v1.08 and prior
D-Link DIR-605L miniigd v1.08 and prior
D-Link DIR-615 miniigd v1.08 and prior
D-Link DIR-619L miniigd v1.08 and prior
D-Link DIR-809 miniigd v1.07 and prior
D-Link DIR-900L miniigd v1.08 and prior
D-Link DIR-905L miniigd v1.08 and prior
Trendnet TEW-731BR miniigd v1.08 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-06-08 18.094 Sig Added
2020-06-29 15.875 Sig Added
2019-02-11 14.548 Sig Added

References

SAP10055
ZDI-15-155