CVE-2015-1187
Published: 21 September 2017
Summary
CVE-2015-1187 is a critical-severity Improper Authentication (CWE-287) vulnerability in D-Link DIR-820L firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 0.7% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
The vulnerability CVE-2015-1187 resides in the ping tool of multiple D-Link and TRENDnet devices and is tracked under CWE-287 for improper authentication. Unauthenticated remote attackers can supply crafted input through the ping_addr parameter to ping.ccp, resulting in arbitrary code execution on the affected embedded devices.
Because the flaw is reachable over the network without credentials or user interaction, an attacker can achieve full control of the device, including the ability to read, modify, or delete data and disrupt device operation, consistent with the CVSS 9.8 rating.
Public disclosures and the D-Link advisory SAP10052 listed in the references document the affected models and the parameter-handling issue, while exploit code has been published on PacketStorm and Seclists. No information on patch availability or confirmed in-the-wild exploitation is provided in the supplied references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2015-1329
Vulnerability details
The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
- CWE(s): CWE-287
- KEV Date Added: 25 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Directly enforces authentication and authorization checks on the ping.ccp interface so that unauthenticated remote attackers cannot reach the vulnerable ping_addr parameter.
Requires validation and sanitization of the ping_addr input, blocking the crafted values that produce arbitrary code execution.
Restricts and authorizes all remote management connections to the device, reducing the network-reachable attack surface that the unauthenticated ping.ccp flaw exposes.