CVE-2015-2051
Published: 23 February 2015
Summary
CVE-2015-2051 is a high-severity Command Injection (CWE-77) vulnerability in Dlink Dir-645 Firmware. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 0.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
The vulnerability is a command injection flaw (CWE-77) in the HNAP interface of the D-Link DIR-645 Wired/Wireless Router Rev. Ax running firmware 1.04b12 and earlier. It is triggered specifically by a GetDeviceSettings action and carries a CVSS 3.1 score of 8.8.
Adjacent-network attackers without authentication or user interaction can send a crafted request to the HNAP endpoint and execute arbitrary commands on the device, resulting in full compromise of confidentiality, integrity, and availability.
D-Link has published security advisories SAP10051 and SAP10282, along with a support announcement, that address the affected router models and firmware versions. Public exploit code for the issue is also available.
The flaw enables unauthenticated remote command execution on the local network segment.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2015-2164
Vulnerability details
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
- CWE(s)
- KEV Date Added
- 10 February 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces authentication and authorization checks before permitting any actions on the HNAP interface, blocking the unauthenticated GetDeviceSettings command injection.
Requires validation and sanitization of all input to the HNAP endpoint, directly preventing the crafted GetDeviceSettings payloads that trigger arbitrary command execution.
Restricts network communications to the HNAP service from adjacent networks, limiting the attack surface for unauthenticated remote command execution.