PT-2015-1277 · D Link · D-Link Dir-645
Craig Heffner +1 · Published 2015-02-23 · Updated 2026-06-08
CVE-2015-2051
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
D-Link DIR-645 Wired/Wireless Router Rev. Ax versions prior to 1.04b12
Description
The HNAP (Home Network Administration Protocol) interface fails to properly neutralize special characters used in OS commands. This allows remote attackers to execute arbitrary commands via a 'GetDeviceSettings' action. In real-world incidents, the Goldoon botnet has exploited this issue to gain full control over devices, extract data, and establish communication with Command and Control (C&C) servers to launch DDoS attacks across 27 different vectors using DNS, HTTP, ICMP, TCP, and UDP protocols.
Recommendations
Update the firmware to a version later than 1.04b12.
As a temporary workaround, restrict access to the HNAP interface to minimize the risk of exploitation.
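To verify the workaround, a defender can audit HTTP logs for HNAP requests that arrive from outside the management network or whose action name is not a plain identifier. The script below is an added example, not part of the original advisory; the log layout, the allowed subnet and the sample lines are constructed assumptions, and it relies on HNAP's standard `/HNAP1/` endpoint and `SOAPAction` namespace.

```python
"""Audit HTTP logs for exposed or malformed HNAP requests (added example)."""
import ipaddress
import re

# Assumption: only this management subnet should ever reach the HNAP interface.
ALLOWED_NETS = [ipaddress.ip_network("192.168.0.0/24")]
# HNAP requests go to /HNAP1/ and name the action in the SOAPAction header.
HNAP_PATH = re.compile(r"/HNAP1(/|$)", re.IGNORECASE)
# Strict allowlist: HNAP namespace plus an alphanumeric action name, nothing else.
VALID_ACTION = re.compile(r'"?http://purenetworks\.com/HNAP1/[A-Za-z0-9]+"?')

# Constructed log lines: time, source IP, method, path, SOAPAction value.
SAMPLE_LOG = [
    '2015-03-01T10:00:01Z 192.168.0.10 POST /HNAP1/ "http://purenetworks.com/HNAP1/GetDeviceSettings"',
    '2015-03-01T10:00:05Z 203.0.113.7 POST /HNAP1/ "http://purenetworks.com/HNAP1/GetDeviceSettings"',
    '2015-03-01T10:00:09Z 198.51.100.23 POST /HNAP1/ "http://purenetworks.com/HNAP1/GetDeviceSettings;PLACEHOLDER"',
    '2015-03-01T10:00:12Z 192.168.0.10 GET /index.html -',
    '2015-03-01T10:00:20Z 192.168.0.55 POST /HNAP1/ "http://purenetworks.com/HNAP1/GetDeviceSettings;PLACEHOLDER"',
]


def source_allowed(src):
    """True only if src parses as an IP inside an allowed management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source is treated as untrusted
    return any(addr in net for net in ALLOWED_NETS)


def audit(lines):
    """Return (source, reasons) for every HNAP request that should not occur."""
    findings = []
    for line in lines:
        parts = line.rstrip("\n").split(" ", 4)
        if len(parts) != 5:
            continue  # line does not fit the constructed format
        _ts, src, _method, path, action = parts
        if not HNAP_PATH.match(path):
            continue  # not an HNAP request
        reasons = []
        if not source_allowed(src):
            reasons.append("source-not-allowed")
        if not VALID_ACTION.fullmatch(action):
            reasons.append("malformed-action")
        if reasons:
            findings.append((src, reasons))
    return findings


if __name__ == "__main__":
    for src, reasons in audit(SAMPLE_LOG):
        print(src, ",".join(reasons))
```

A `source-not-allowed` finding means the access restriction is not in effect; a `malformed-action` finding from an allowed source points at a LAN host worth investigating.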
Exploit
Fix
Command Injection
Affected Products
D-Link Dir-645