CVE-2015-2052
EXPLOITEDD-Link DIR-645 Firmware < 1.04b12 - Remote Code Execution via HNAP GetDeviceSettings Action
Title source: llmExploitation Summary
CVE-2015-2052 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface.
References (2)
Core 2
Core References
Exploit, Vendor Advisory x_refsource_confirm
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72623
Scores
EPSS
0.1165
EPSS Percentile
93.8%
Details
VulnCheck KEV
2018-01-23
CWE
CWE-119
Status
published
Products (1)
dlink/dir-645_firmware
< 1.04b12
Published
Feb 23, 2015
Tracked Since
Feb 18, 2026