CVE-2015-2049

Currently unrated

Key Information:

Vendor: D-Link
Status: Dcs-931l Firmware
Vendor: CVE Published:; 23 February 2015

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 46%

Summary

Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2015-2049
Created by Rapid7

References

https://www.exploit-db.com/exploits/39192/

exploitx_refsource_EXPLOIT-DB

http://securityadvisories.dlink.com/security/publication....

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/377348

third-party-advisoryx_refsource_CERT-VN

EPSS Score

46% chance of being exploited in the next 30 days.

Timeline

🟡
Public PoC available
Jan 5, 2016
👾
Exploit known to exist
Jan 5, 2016
Vulnerability published
Feb 23, 2015
Vulnerability Reserved
Feb 23, 2015