The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
References
| Link | Resource |
|---|---|
| http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051 | Exploit Vendor Advisory |
| http://www.securityfocus.com/bid/72623 | Broken Link Third Party Advisory VDB Entry |
| http://www.securityfocus.com/bid/74870 | Broken Link Third Party Advisory VDB Entry |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10282 | Vendor Advisory |
| https://www.exploit-db.com/exploits/37171/ | Exploit Third Party Advisory VDB Entry |
| http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051 | Exploit Vendor Advisory |
| http://www.securityfocus.com/bid/72623 | Broken Link Third Party Advisory VDB Entry |
| http://www.securityfocus.com/bid/74870 | Broken Link Third Party Advisory VDB Entry |
| https://www.exploit-db.com/exploits/37171/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
| AND |
|
History
04 Feb 2025, 15:40
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10282 - Vendor Advisory |
06 Jan 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Information
Published : 2015-02-23 17:59
Updated : 2025-04-12 10:46
NVD link : CVE-2015-2051
Mitre link : CVE-2015-2051
CVE.ORG link : CVE-2015-2051
JSON object : View
Products Affected
dlink
- dir-645_firmware
- dir-645
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')