Sign-up

ID

VAR-201502-0202


CVE

CVE-2015-2052


TITLE

D-Link DIR-645 Wired/Wireless Router firmware stack-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-001592

DESCRIPTION

Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface. The D-Link DIR-645 is a D-Link router that regulates wireless transmit power. Ax. D-Link DIR-645 has command injection and buffer overflow vulnerabilities that allow malicious applications to perform buffer overflow attacks, execute arbitrary commands, and inject arbitrary commands through the HNAP interface. D-Link DIR-645 is prone to a command-injection and a stack-based buffer-overflow vulnerability. Ax with firmware 1.04b12 and earlier. The vulnerability stems from the fact that the program does not adequately filter the input submitted by the user when processing the GetDeviceSettings request

Trust: 3.06

sources: NVD: CVE-2015-2052 // JVNDB: JVNDB-2015-001592 // CNVD: CNVD-2015-01376 // CNVD: CNVD-2015-01332 // BID: 72623 // VULHUB: VHN-80013

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2015-01376 // CNVD: CNVD-2015-01332

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-645scope:lteversion:1.04b12

Trust: 1.0

vendor:d linkmodel:dir-645scope:eqversion:ax

Trust: 0.8

vendor:d linkmodel:dir-645scope:lteversion:1.04b12

Trust: 0.8

vendor:d linkmodel:dir-645 <=1.04b12scope: - version: -

Trust: 0.6

vendor:d linkmodel:dir-645scope: - version: -

Trust: 0.6

vendor:d linkmodel:dir-645scope:eqversion:1.04b12

Trust: 0.6

sources: CNVD: CNVD-2015-01376 // CNVD: CNVD-2015-01332 // JVNDB: JVNDB-2015-001592 // CNNVD: CNNVD-201502-367 // NVD: CVE-2015-2052

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-2052
value: HIGH

Trust: 1.0

NVD: CVE-2015-2052
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-01376
value: HIGH

Trust: 0.6

CNVD: CNVD-2015-01332
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201502-367
value: MEDIUM

Trust: 0.6

VULHUB: VHN-80013
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-2052
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-01376
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2015-01332
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-80013
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-01376 // CNVD: CNVD-2015-01332 // VULHUB: VHN-80013 // JVNDB: JVNDB-2015-001592 // CNNVD: CNNVD-201502-367 // NVD: CVE-2015-2052

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-80013 // JVNDB: JVNDB-2015-001592 // NVD: CVE-2015-2052

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-367

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201502-367

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001592

PATCH
title:DIR-645url:http://support.dlink.com/ProductInfo.aspx?m=DIR-645
Trust: 0.8
title:SAP10051url:http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051
Trust: 0.8
title:D-Link DIR-645 Wired/Wireless Router Stack Buffer Overflow Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/55731
Trust: 0.6
title:D-Link DIR-645 Wired/Wireless Router Repair measures for stack-based buffer error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=234989
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-01376 // 
            
            
            
            JVNDB: JVNDB-2015-001592 // 
            
            
            
            CNNVD: CNNVD-201502-367

EXTERNAL IDS
db:NVDid:CVE-2015-2052
Trust: 3.4
db:DLINKid:SAP10051
Trust: 2.9
db:BIDid:72623
Trust: 2.6
db:JVNDBid:JVNDB-2015-001592
Trust: 0.8
db:CNNVDid:CNNVD-201502-367
Trust: 0.7
db:CNVDid:CNVD-2015-01376
Trust: 0.6
db:CNVDid:CNVD-2015-01332
Trust: 0.6
db:VULHUBid:VHN-80013
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-01376 // 
            
            
            
            CNVD: CNVD-2015-01332 // 
            
            
            
            VULHUB: VHN-80013 // 
            
            
            
            BID: 72623 // 
            
            
            
            JVNDB: JVNDB-2015-001592 // 
            
            
            
            CNNVD: CNNVD-201502-367 // 
            
            
            
            NVD: CVE-2015-2052

REFERENCES
url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10051
Trust: 2.9
url:http://www.securityfocus.com/bid/72623
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2052
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2052
Trust: 0.8
url:http://www.dlink.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-01376 // 
            
            
            
            CNVD: CNVD-2015-01332 // 
            
            
            
            VULHUB: VHN-80013 // 
            
            
            
            BID: 72623 // 
            
            
            
            JVNDB: JVNDB-2015-001592 // 
            
            
            
            CNNVD: CNNVD-201502-367 // 
            
            
            
            NVD: CVE-2015-2052

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 72623

SOURCES
db:CNVDid:CNVD-2015-01376
db:CNVDid:CNVD-2015-01332
db:VULHUBid:VHN-80013
db:BIDid:72623
db:JVNDBid:JVNDB-2015-001592
db:CNNVDid:CNNVD-201502-367
db:NVDid:CVE-2015-2052

LAST UPDATE DATE
2024-11-23T22:18:26.345000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-01376date:2015-03-02T00:00:00
db:CNVDid:CNVD-2015-01332date:2015-02-28T00:00:00
db:VULHUBid:VHN-80013date:2016-12-31T00:00:00
db:BIDid:72623date:2015-07-15T00:17:00
db:JVNDBid:JVNDB-2015-001592date:2015-02-25T00:00:00
db:CNNVDid:CNNVD-201502-367date:2023-04-27T00:00:00
db:NVDid:CVE-2015-2052date:2024-11-21T02:26:39.887

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-01376date:2015-03-02T00:00:00
db:CNVDid:CNVD-2015-01332date:2015-02-28T00:00:00
db:VULHUBid:VHN-80013date:2015-02-23T00:00:00
db:BIDid:72623date:2015-02-13T00:00:00
db:JVNDBid:JVNDB-2015-001592date:2015-02-25T00:00:00
db:CNNVDid:CNNVD-201502-367date:2015-02-27T00:00:00
db:NVDid:CVE-2015-2052date:2015-02-23T17:59:09.243