CVE-2015-2051

CVE Database · CVE-2015-2051

CVE-2015-2051

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

97.10%

Published

Feb 23, 2015

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-02-10 · Due: 2022-08-10

The impacted product is end-of-life and should be disconnected if still in use.

Public PoC / Exploit (2)

All weaponized →

Exploit-DBD-Link Devices - HNAP SOAPAction-Header Command Execution (Metasploit)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-77CWE-77

Affected Products (2)

dlink · dir-645_firmware (up to 1.05b01)vulnerable

dlink · dir-645

References (10)

http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051

ExploitVendor Advisory

http://www.securityfocus.com/bid/72623

Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/74870

Broken LinkThird Party AdvisoryVDB Entry

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10282

Vendor Advisory

https://www.exploit-db.com/exploits/37171/

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs