CVE-2015-1187

CRITICAL KEV

D-Link Routers - Remote Code Execution via ping.ccp

Title source: llm

Description

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappslinux
https://www.exploit-db.com/exploits/41677
metasploit WORKING POC NORMAL
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/multi_ncc_ping_exec.rb

References (7)

Scores

CVSS v3 9.8
EPSS 0.8288
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-25
VulnCheck KEV 2015-05-22
InTheWild.io 2022-03-25
ENISA EUVD EUVD-2015-1329
CWE
CWE-287
Status published
Products (18)
dlink/dir-626l_firmware 1.04 b04
dlink/dir-636l_firmware 1.04
dlink/dir-651_firmware 1.10na b02
dlink/dir-808l_firmware 1.03 b05
dlink/dir-810l_firmware 1.01 b04
dlink/dir-810l_firmware 2.02 b01
dlink/dir-820l_firmware 1.02 b10
dlink/dir-820l_firmware 1.05 b03
dlink/dir-820l_firmware 2.01 b02
dlink/dir-826l_firmware 1.00 b23
... and 8 more
Published Sep 21, 2017
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026