VAR-201502-0202
Vulnerability from variot - Updated: 2023-12-18 13:34Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface. The D-Link DIR-645 is a D-Link router that regulates wireless transmit power. Ax. D-Link DIR-645 has command injection and buffer overflow vulnerabilities that allow malicious applications to perform buffer overflow attacks, execute arbitrary commands, and inject arbitrary commands through the HNAP interface. D-Link DIR-645 is prone to a command-injection and a stack-based buffer-overflow vulnerability. Ax with firmware 1.04b12 and earlier. The vulnerability stems from the fact that the program does not adequately filter the input submitted by the user when processing the GetDeviceSettings request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0202",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-645",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04b12"
},
{
"model": "dir-645",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "ax"
},
{
"model": "dir-645",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.04b12"
},
{
"model": "dir-645 \u003c=1.04b12",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-645",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-645",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.04b12"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "NVD",
"id": "CVE-2015-2052"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.04b12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2052"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "72623"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2052",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-2052",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01376",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-01332",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-80013",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2052",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-01376",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-01332",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-367",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80013",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "VULHUB",
"id": "VHN-80013"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "NVD",
"id": "CVE-2015-2052"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface. The D-Link DIR-645 is a D-Link router that regulates wireless transmit power. Ax. D-Link DIR-645 has command injection and buffer overflow vulnerabilities that allow malicious applications to perform buffer overflow attacks, execute arbitrary commands, and inject arbitrary commands through the HNAP interface. D-Link DIR-645 is prone to a command-injection and a stack-based buffer-overflow vulnerability. Ax with firmware 1.04b12 and earlier. The vulnerability stems from the fact that the program does not adequately filter the input submitted by the user when processing the GetDeviceSettings request ",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2052"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "BID",
"id": "72623"
},
{
"db": "VULHUB",
"id": "VHN-80013"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2052",
"trust": 3.4
},
{
"db": "DLINK",
"id": "SAP10051",
"trust": 2.9
},
{
"db": "BID",
"id": "72623",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01376",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-01332",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-80013",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "VULHUB",
"id": "VHN-80013"
},
{
"db": "BID",
"id": "72623"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "NVD",
"id": "CVE-2015-2052"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
}
]
},
"id": "VAR-201502-0202",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "VULHUB",
"id": "VHN-80013"
}
],
"trust": 2.0121212
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
}
]
},
"last_update_date": "2023-12-18T13:34:33.646000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-645",
"trust": 0.8,
"url": "http://support.dlink.com/productinfo.aspx?m=dir-645"
},
{
"title": "SAP10051",
"trust": 0.8,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10051"
},
{
"title": "D-Link DIR-645 Wired/Wireless Router Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/55731"
},
{
"title": "D-Link DIR-645 Wired/Wireless Router Repair measures for stack-based buffer error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234989"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80013"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "NVD",
"id": "CVE-2015-2052"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10051"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/72623"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2052"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2052"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "VULHUB",
"id": "VHN-80013"
},
{
"db": "BID",
"id": "72623"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "NVD",
"id": "CVE-2015-2052"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "VULHUB",
"id": "VHN-80013"
},
{
"db": "BID",
"id": "72623"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "NVD",
"id": "CVE-2015-2052"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"date": "2015-02-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"date": "2015-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-80013"
},
{
"date": "2015-02-13T00:00:00",
"db": "BID",
"id": "72623"
},
{
"date": "2015-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"date": "2015-02-23T17:59:09.243000",
"db": "NVD",
"id": "CVE-2015-2052"
},
{
"date": "2015-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-367"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"date": "2015-02-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"date": "2016-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-80013"
},
{
"date": "2015-07-15T00:17:00",
"db": "BID",
"id": "72623"
},
{
"date": "2015-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"date": "2023-04-26T19:27:52.350000",
"db": "NVD",
"id": "CVE-2015-2052"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-367"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-645 Wired/Wireless Router firmware stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…