VOOZH about

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-2051

⇱ NVD - CVE-2015-2051

  1. Vulnerabilities

CVE-2015-2051 Detail

Description

The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.


Metrics

 
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051 CVE, MITRE Exploit  Vendor Advisory 
http://www.securityfocus.com/bid/72623 CVE, MITRE Broken Link  Third Party Advisory  VDB Entry 
http://www.securityfocus.com/bid/74870 CVE, MITRE Broken Link  Third Party Advisory  VDB Entry 
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10282 MITRE Vendor Advisory 
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2051 CISA-ADP US Government Resource 
https://www.exploit-db.com/exploits/37171/ CVE, MITRE Exploit  Third Party Advisory  VDB Entry 

This CVE is in CISA's Known Exploited Vulnerabilities Catalog

Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.

Vulnerability Name Date Added Due Date Required Action
D-Link DIR-645 Router Remote Code Execution Vulnerability 02/10/2022 08/10/2022 The impacted product is end-of-life and should be disconnected if still in use.

Weakness Enumeration

CWE-ID CWE Name Source
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') πŸ‘ cwe source acceptance level
NIST   CISA-ADP  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

18 change records found show changes

CVE Modified by CISA-ADP 6/16/2026 8:23:30 PM

Action Type Old Value New Value
Added Affected 
[{"vendor":"dlink","product":"dir-645","defaultStatus":"unknown","cpes":["cpe:2.3:h:dlink:dir-645:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThanOrEqual":"1.04b12","versionType":"custom","status":"affected"}]},{"vendor":"dlink","product":"dir-645_firmware","defaultStatus":"unknown","cpes":["cpe:2.3:o:dlink:dir-645_firmware:1.03:*:*:*:*:*:*:*"],"versions":[{"version":"1.03","lessThanOrEqual":"1.04b12","versionType":"custom","status":"affected"}]}]
Added SSVC 
{"timestamp":"2024-05-02T18:31:27.959147Z","id":"CVE-2015-2051","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

CVE Modified by MITRE 6/16/2026 8:23:30 PM

Action Type Old Value New Value
Added Affected 
[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]

Modified Analysis by NIST 4/22/2026 9:59:12 AM

Action Type Old Value New Value
Added CVSS V3.1 
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Removed CVSS V3.1 
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added Reference Type 
CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2051 Types: US Government Resource

CVE Modified by CISA-ADP 10/21/2025 9:16:08 PM

Action Type Old Value New Value
Added Reference 
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2051

CVE Modified by CISA-ADP 10/21/2025 4:16:22 PM

Action Type Old Value New Value
Removed Reference 
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2051

CVE Modified by CISA-ADP 10/21/2025 3:16:28 PM

Action Type Old Value New Value
Added Reference 
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2051

Modified Analysis by NIST 2/04/2025 10:40:56 AM

Action Type Old Value New Value
Changed Reference Type 
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10282 No Types Assigned


 
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10282 Vendor Advisory

CVE Modified by MITRE 1/06/2025 10:15:08 AM

Action Type Old Value New Value
Added Reference 
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10282

CVE Modified by CVE 11/20/2024 9:26:39 PM

Action Type Old Value New Value
Added Reference 
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051
Added Reference 
http://www.securityfocus.com/bid/72623
Added Reference 
http://www.securityfocus.com/bid/74870
Added Reference 
https://www.exploit-db.com/exploits/37171/

Modified Analysis by NIST 7/24/2024 12:05:08 PM

Action Type Old Value New Value
Added CVSS V3.1 
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Changed CPE Configuration 
AND
 OR
 *cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:* versions up to (including) 1.04b12
 OR
 cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*


 
AND
 OR
 *cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.05b01
 OR
 cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*
Changed Reference Type 
http://www.securityfocus.com/bid/72623 No Types Assigned


 
http://www.securityfocus.com/bid/72623 Broken Link, Third Party Advisory, VDB Entry
Changed Reference Type 
http://www.securityfocus.com/bid/74870 No Types Assigned


 
http://www.securityfocus.com/bid/74870 Broken Link, Third Party Advisory, VDB Entry
Changed Reference Type 
https://www.exploit-db.com/exploits/37171/ No Types Assigned


 
https://www.exploit-db.com/exploits/37171/ Exploit, Third Party Advisory, VDB Entry

CVE Modified by CISA-ADP 7/02/2024 9:35:16 PM

Action Type Old Value New Value
Added CVSS V3.1 
CISA-ADP AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added CWE 
CISA-ADP CWE-77

CVE Modified by MITRE 5/13/2024 11:31:32 PM

Action Type Old Value New Value

CPE Deprecation Remap by NIST 4/26/2023 3:27:52 PM

Action Type Old Value New Value
Changed CPE Configuration 
OR
 *cpe:2.3:o:d-link:dir-645_firmware:*:*:*:*:*:*:*:* versions from (including) 1.04b12


 
OR
 *cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:* versions from (including) 1.04b12

CPE Deprecation Remap by NIST 4/26/2023 2:55:30 PM

Action Type Old Value New Value
Changed CPE Configuration 
OR
 *cpe:2.3:h:d-link:dir-645:a1:*:*:*:*:*:*:*


 
OR
 *cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*

CVE Modified by MITRE 12/30/2016 9:59:23 PM

Action Type Old Value New Value
Added Reference 
http://www.securityfocus.com/bid/72623 [No Types Assigned]
Added Reference 
https://www.exploit-db.com/exploits/37171/ [No Types Assigned]

CVE Modified by MITRE 11/28/2016 2:19:21 PM

Action Type Old Value New Value
Added Reference 
http://www.securityfocus.com/bid/74870 [No Types Assigned]

Modified Analysis by NIST 2/24/2015 12:19:09 PM

Action Type Old Value New Value
Added CVSS V2 
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Added CWE 
CWE-77
Added CPE Configuration 
Configuration 1
 AND
 OR
 *cpe:2.3:o:d-link:dir-645_firmware:1.04b12:*:*:*:*:*:*:* (and previous)
 OR
 cpe:2.3:h:d-link:dir-645:a1:*:*:*:*:*:*:*
Changed Reference Type 
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051 No Types Assigned


 
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051 Advisory, Exploit

Initial CVE Analysis 2/24/2015 10:21:59 AM

Action Type Old Value New Value

Quick Info

CVE Dictionary Entry:
CVE-2015-2051
NVD Published Date:
02/23/2015
NVD Last Modified:
06/16/2026
Source:
MITRE