The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since March 25, 2022.

The EPSS score is 0.81232.

Exploitation active

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a n/a affected
Version Status Constraints
n/a affected

Configuration 1 [-]

AND
cpe:2.3:o:dlink:dir-626l_firmware:1.04:b04:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-626l:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:dlink:dir-636l_firmware:1.04:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-636l:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:dlink:dir-808l_firmware:1.03:b05:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-808l:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:dlink:dir-810l_firmware:1.01:b04:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-810l:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:dlink:dir-810l_firmware:2.02:b01:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-810l:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:dlink:dir-820l_firmware:1.02:b10:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-820l:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:dlink:dir-820l_firmware:1.05:b03:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-820l:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:dlink:dir-820l_firmware:2.01:b02:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-820l:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:dlink:dir-826l_firmware:1.00:b23:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-826l:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:dlink:dir-830l_firmware:1.00:b07:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-830l:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:dlink:dir-836l_firmware:1.01:b03:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-836l:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:trendnet:tew-731br_firmware:2.01:b01:*:*:*:*:*:*
cpe:2.3:h:trendnet:tew-731br:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:dlink:dir-651_firmware:1.10na:b02:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-651:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:trendnet:tew-651br_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:tew-651br:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:trendnet:tew-652br_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:tew-652br:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:trendnet:tew-711br_firmware:1.00:b31:*:*:*:*:*:*
cpe:2.3:h:trendnet:tew-711br:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:trendnet:tew-810dr_firmware:1.00:b19:*:*:*:*:*:*
cpe:2.3:h:trendnet:tew-810dr:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:trendnet:tew-813dru_firmware:1.00:b23:*:*:*:*:*:*
cpe:2.3:h:trendnet:tew-813dru:-:*:*:*:*:*:*:*

No data.

No data.

Subscriptions

Vendors Products
Dlink Subscribe
Dir-626l Subscribe
Dir-626l Firmware Subscribe
Dir-636l Subscribe
Dir-636l Firmware Subscribe
Dir-651 Subscribe
Dir-651 Firmware Subscribe
Dir-808l Subscribe
Dir-808l Firmware Subscribe
Dir-810l Subscribe
Dir-810l Firmware Subscribe
Dir-820l Subscribe
Dir-820l Firmware Subscribe
Dir-826l Subscribe
Dir-826l Firmware Subscribe
Dir-830l Subscribe
Dir-830l Firmware Subscribe
Dir-836l Subscribe
Dir-836l Firmware Subscribe
Trendnet Subscribe
Tew-651br Subscribe
Tew-651br Firmware Subscribe
Tew-652br Subscribe
Tew-652br Firmware Subscribe
Tew-711br Subscribe
Tew-711br Firmware Subscribe
Tew-731br Subscribe
Tew-731br Firmware Subscribe
Tew-810dr Subscribe
Tew-810dr Firmware Subscribe
Tew-813dru Subscribe
Tew-813dru Firmware Subscribe

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html cve-icon cve-icon
http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html cve-icon cve-icon
http://seclists.org/fulldisclosure/2015/Mar/15 cve-icon cve-icon
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052 cve-icon cve-icon
http://www.securityfocus.com/bid/72848 cve-icon cve-icon
https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1187 cve-icon cve-icon
History

Wed, 22 Oct 2025 00:15:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Fri, 07 Feb 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-03-25'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-10-21T23:55:34.177Z

Reserved: 2015-01-17T00:00:00.000Z

Link: CVE-2015-1187

cve-icon Vulnrichment

Updated: 2024-08-06T04:33:20.608Z

cve-icon NVD

Status : Deferred

Published: 2017-09-21T16:29:00.147

Modified: 2025-10-22T00:15:40.120

Link: CVE-2015-1187

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses