PT-2015-1278 · D Link · D-Link Dir-645
Samuel Huntley
·
Published
2015-02-23
·
Updated
2023-04-26
·
CVE-2015-2052
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-645 Wired/Wireless Router Rev. Ax versions 1.04b12 and earlier
Description
The issue allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the "HNAP interface". This is a result of a stack-based buffer overflow.
Recommendations
For versions 1.04b12 and earlier, consider restricting access to the HNAP interface as a temporary workaround until a patch is available. Avoid using long strings in the GetDeviceSettings action to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dir-645