OpenCVE

The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dir-645 Dir-645 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051
http://www.securityfocus.com/bid/72623
http://www.securityfocus.com/bid/74870
https://www.exploit-db.com/exploits/37171/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-02-23T17:00:00

Updated: 2024-08-06T05:02:43.385Z

Reserved: 2015-02-23T00:00:00

Link: CVE-2015-2051

Vulnrichment

Updated: 2024-08-06T05:02:43.385Z

NVD

Status : Analyzed

Published: 2015-02-23T17:59:08.320

Modified: 2024-07-24T16:05:08.900

Link: CVE-2015-2051

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051"}, {"name": "37171", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/37171/"}, {"name": "72623", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72623"}, {"name": "74870", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74870"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2051", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051", "refsource": "CONFIRM", "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051"}, {"name": "37171", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/37171/"}, {"name": "72623", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72623"}, {"name": "74870", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74870"}]}}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "affected": [{"vendor": "dlink", "product": "dir-645", "cpes": ["cpe:2.3:h:dlink:dir-645:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.04b12", "versionType": "custom"}]}, {"vendor": "dlink", "product": "dir-645_firmware", "cpes": ["cpe:2.3:o:dlink:dir-645_firmware:1.03:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.03", "status": "affected", "lessThanOrEqual": "1.04b12", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-02T18:31:27.959147Z", "id": "CVE-2015-2051", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-02-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2051"}}}], "title": "ADP Container", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T19:03:21.687Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:02:43.385Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051"}, {"name": "37171", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/37171/"}, {"name": "72623", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72623"}, {"name": "74870", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74870"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-2051", "datePublished": "2015-02-23T17:00:00", "dateReserved": "2015-02-23T00:00:00", "dateUpdated": "2024-08-06T05:02:43.385Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/37171/", "name": "37171", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/72623", "name": "72623", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/74870", "name": "74870", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:02:43.385Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2015-2051", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-02T18:31:27.959147Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-02-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2051"}}}], "affected": [{"cpes": ["cpe:2.3:h:dlink:dir-645:*:*:*:*:*:*:*:*"], "vendor": "dlink", "product": "dir-645", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.04b12"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:dlink:dir-645_firmware:1.03:*:*:*:*:*:*:*"], "vendor": "dlink", "product": "dir-645_firmware", "versions": [{"status": "affected", "version": "1.03", "versionType": "custom", "lessThanOrEqual": "1.04b12"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-02T18:40:39.885Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-13T00:00:00", "references": [{"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://www.exploit-db.com/exploits/37171/", "name": "37171", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://www.securityfocus.com/bid/72623", "name": "72623", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://www.securityfocus.com/bid/74870", "name": "74870", "tags": ["vdb-entry", "x_refsource_BID"]}], "descriptions": [{"lang": "en", "value": "The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2016-12-29T18:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051", "name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051", "refsource": "CONFIRM"}, {"url": "https://www.exploit-db.com/exploits/37171/", "name": "37171", "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/bid/72623", "name": "72623", "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/74870", "name": "74870", "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-2051", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2015-2051", "state": "PUBLISHED", "dateUpdated": "2024-08-06T05:02:43.385Z", "dateReserved": "2015-02-23T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2015-02-23T17:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-08-10", "cisaExploitAdd": "2022-02-10", "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.", "cisaVulnerabilityName": "D-Link DIR-645 Router Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F3662DF-44FB-4613-A8C1-3A803F1186E4", "versionEndExcluding": "1.05b01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*", "matchCriteriaId": "E02F7E04-F6D7-466D-81AD-14591443EBC3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface."}, {"lang": "es", "value": "El router D-Link DIR-645 Wired/Wireless Rev. Ax con firmware 1.04b12 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de una acci\u00f3n GetDeviceSettings en la interfaz HNAP."}], "id": "CVE-2015-2051", "lastModified": "2024-07-24T16:05:08.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2015-02-23T17:59:08.320", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/72623"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74870"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/37171/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}