ID
VAR-E-201502-0354
TITLE
Multiple D-Link and TRENDnet Routers 'ncc/ncc2' Service Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
Multiple D-Link and TRENDnet routers are prone to a local unauthenticated vulnerability, a remote unauthenticated vulnerability and a cross-site request-forgery vulnerability.
An attacker can exploit this issue to perform certain unauthorized actions and gain unauthorized root access to an affected device. Successful exploits will result in the complete compromise of an affected device.
Following products are vulnerable:
D-Link DIR-820L (Rev A) 1.02B10, DIR-820L (Rev A) 1.05B03, and DIR-820L (Rev B) 2.01b02
TRENDnet TEW-731BR (Rev 2) 2.01b01
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | trendnet | model: | tew-731br (rev 2.01b01 | scope: | eq | version: | 2) | Trust: 0.3 |
| vendor: | d link | model: | dir-820l 2.01b02 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dir-820l 1.05b03 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dir-820l 1.02b10 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | trendnet | model: | tew-731br (rev 2.02b01 | scope: | ne | version: | 2) | Trust: 0.3 |
EXPLOIT
An attacker can exploit this issue using readily available tools and by gaining physical access to the device.
The researcher who discovered these issues has created a proof-of-concept. Please see the references for more information
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
Peter Adkins
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 72816 | Trust: 0.3 |
REFERENCES
| url: | http://seclists.org/bugtraq/2015/feb/164 | Trust: 0.3 |
| url: | http://www.dlink.com/ | Trust: 0.3 |
| url: | http://www.trendnet.com/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 72816 |
LAST UPDATE DATE
2022-07-27T09:49:38.490000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 72816 | date: | 2015-02-26T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 72816 | date: | 2015-02-26T00:00:00 |