Cyber Resilience

CVE-2015-2051

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 23 February 2015

Modified: 22 April 2026
KEV Added: 10 February 2022
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9274 (99.8th percentile)
Risk Priority: 93 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2015-2051 is a high-severity command injection (CWE-77) vulnerability in D-Link DIR-645 firmware. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

The vulnerability is a command injection flaw (CWE-77) in the HNAP interface of the D-Link DIR-645 Wired/Wireless Router Rev. Ax running firmware 1.04b12 and earlier. It is triggered specifically by a GetDeviceSettings action and carries a CVSS 3.1 score of 8.8.

Adjacent-network attackers without authentication or user interaction can send a crafted request to the HNAP endpoint and execute arbitrary commands on the device, resulting in full compromise of confidentiality, integrity, and availability.

D-Link has published security advisories SAP10051 and SAP10282, along with a support announcement, that address the affected router models and firmware versions. Public exploit code for the issue is also available.

The flaw enables unauthenticated remote command execution on the local network segment.

Vulnerability details

The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

CWE(s)
KEV Date Added: 10 February 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dlink · dir-645 firmware · ≤ 1.05b01

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly enforces authentication and authorization checks before permitting any actions on the HNAP interface, blocking the unauthenticated GetDeviceSettings command injection.

Prevent: Requires validation and sanitization of all input to the HNAP endpoint, directly preventing the crafted GetDeviceSettings payloads that trigger arbitrary command execution.

Prevent: Restricts network communications to the HNAP service from adjacent networks, limiting the attack surface for unauthenticated remote command execution.

References