CVE-2015-2051

critical-risk
Published 2015-02-23

The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

Do I need to act?

!
93.0% chance of exploitation in next 30 days
EPSS score — higher than 7% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
37171
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Dlink

References (10)

Exploit http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051
Broken Link http://www.securityfocus.com/bid/72623
Broken Link http://www.securityfocus.com/bid/74870
Vendor Advisory https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP1...
Exploit https://www.exploit-db.com/exploits/37171/
Exploit http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051
Broken Link http://www.securityfocus.com/bid/72623
Broken Link http://www.securityfocus.com/bid/74870
Exploit https://www.exploit-db.com/exploits/37171/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-...
71
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 34/34 · Critical
Exposure 5/34 · Minimal