This indicates an attack attempt to exploit a Command Execution vulnerability in multiple D-Link routers.
The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious SOAP/XML file. A remote attacker may be able to exploit this to execute arbitrary code on vulnerable systems.

description-logoOutbreak Alert

FortiGuard Labs continue to see Realtek SDK vulnerabilities being exploited in the wild with over 10,000+ average IPS detections per month to deploy and distribute Denial-of-service botnet malware such as new Hinata Botnet, RedGoBot, GooberBot and Marai based Botnet.

View the full Outbreak Alert Report

affected-products-logoAffected Products

D-Link DIR-501 miniigd v1.08 and prior
D-Link DIR-515 miniigd v1.08 and prior
D-Link DIR-600L miniigd v1.08 and prior
D-Link DIR-605L miniigd v1.08 and prior
D-Link DIR-615 miniigd v1.08 and prior
D-Link DIR-619L miniigd v1.08 and prior
D-Link DIR-809 miniigd v1.07 and prior
D-Link DIR-900L miniigd v1.08 and prior
D-Link DIR-905L miniigd v1.08 and prior
Trendnet TEW-731BR miniigd v1.08 and prior

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable system.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.

Telemetry logoTelemetry


IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-06-08 18.094 Sig Added
2020-06-29 15.875 Sig Added
2019-02-11 14.548 Sig Added


SAP10055 ZDI-15-155