CVE-2015-2051: D-Link DIR-645 Router Remote Code Execution Vulnerability
First published: Mon Feb 23 2015(Updated: )
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DIR-645 Firmware | <=1.04b12 | |
| dlink DIR-645 A1 | =a1 | |
| D-Link DIR-645 | ||
| All of | ||
| D-Link DIR-645 Firmware | <1.05b01 | |
| dlink DIR-645 A1 | =a1 | |
| All of | ||
| <1.05b01 | ||
| =a1 |
Remedy
The impacted product is end-of-life and should be disconnected if still in use.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/malware-botnets-exploit-outdated-d-link-routers-in-recent-attacks/
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051
- https://www.exploit-db.com/exploits/37171/
- http://www.securityfocus.com/bid/72623
- http://www.securityfocus.com/bid/74870
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10282
- https://nvd.nist.gov/vuln/detail/CVE-2015-2051
- https://www.theregister.com/2025/02/10/infosec_in_brief/
Frequently Asked Questions
What is the severity of CVE-2015-2051?
CVE-2015-2051 is considered to have a high severity as it allows remote attackers to execute arbitrary commands on the vulnerable D-Link DIR-645 routers.
How do I fix CVE-2015-2051?
To fix CVE-2015-2051, update the firmware of the D-Link DIR-645 router to a version later than 1.04b12.
Which versions of D-Link DIR-645 are affected by CVE-2015-2051?
CVE-2015-2051 affects the D-Link DIR-645 router with firmware versions up to and including 1.04b12.
Can CVE-2015-2051 be exploited remotely?
Yes, CVE-2015-2051 can be exploited remotely through the HNAP interface of the D-Link DIR-645 router.
What devices are affected by CVE-2015-2051?
CVE-2015-2051 specifically affects the D-Link DIR-645 Wired/Wireless Router Rev. Ax with the vulnerable firmware versions.
- agent/type
- agent/description
- agent/title
- agent/weakness
- agent/remedy
- agent/first-publish-date
- agent/author
- agent/severity
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2015-2051
- alias/CVE-2019-10891
- alias/CVE-2022-37056
- alias/CVE-2024-33112
- agent/trending
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/softwarecombine
- collector/nvd-cve
- agent/event
- collector/the-register
- source/The Register
- alias/CVE-2024-21413
- vendor/dlink
- canonical/d-link dir-645 firmware
- version/d-link dir-645 firmware/1.04b12
- canonical/dlink dir-645 a1
- version/dlink dir-645 a1/a1
- vendor/d-link
- canonical/d-link dir-645