CVE-2015-2051
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
23/02/2015
Last modified:
12/04/2025
Description
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:* | 1.05b01 (excluding) | |
| cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051
- http://www.securityfocus.com/bid/72623
- http://www.securityfocus.com/bid/74870
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10282
- https://www.exploit-db.com/exploits/37171/
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051
- http://www.securityfocus.com/bid/72623
- http://www.securityfocus.com/bid/74870
- https://www.exploit-db.com/exploits/37171/