var-201502-0202
Vulnerability from variot
Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface. The D-Link DIR-645 is a D-Link router that regulates wireless transmit power. Ax. D-Link DIR-645 has command injection and buffer overflow vulnerabilities that allow malicious applications to perform buffer overflow attacks, execute arbitrary commands, and inject arbitrary commands through the HNAP interface. D-Link DIR-645 is prone to a command-injection and a stack-based buffer-overflow vulnerability. Ax with firmware 1.04b12 and earlier. The vulnerability stems from the fact that the program does not adequately filter the input submitted by the user when processing the GetDeviceSettings request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0202",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-645",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04b12"
},
{
"model": "dir-645",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "ax"
},
{
"model": "dir-645",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.04b12"
},
{
"model": "dir-645 \u003c=1.04b12",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-645",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-645",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.04b12"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
},
{
"db": "NVD",
"id": "CVE-2015-2052"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:dir-645",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-645_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "72623"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2052",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-2052",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01376",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-01332",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-80013",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2052",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-2052",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-01376",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-01332",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-367",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80013",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "VULHUB",
"id": "VHN-80013"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
},
{
"db": "NVD",
"id": "CVE-2015-2052"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface. The D-Link DIR-645 is a D-Link router that regulates wireless transmit power. Ax. D-Link DIR-645 has command injection and buffer overflow vulnerabilities that allow malicious applications to perform buffer overflow attacks, execute arbitrary commands, and inject arbitrary commands through the HNAP interface. D-Link DIR-645 is prone to a command-injection and a stack-based buffer-overflow vulnerability. Ax with firmware 1.04b12 and earlier. The vulnerability stems from the fact that the program does not adequately filter the input submitted by the user when processing the GetDeviceSettings request ",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2052"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "BID",
"id": "72623"
},
{
"db": "VULHUB",
"id": "VHN-80013"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2052",
"trust": 3.4
},
{
"db": "DLINK",
"id": "SAP10051",
"trust": 2.9
},
{
"db": "BID",
"id": "72623",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01376",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-01332",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-80013",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "VULHUB",
"id": "VHN-80013"
},
{
"db": "BID",
"id": "72623"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
},
{
"db": "NVD",
"id": "CVE-2015-2052"
}
]
},
"id": "VAR-201502-0202",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "VULHUB",
"id": "VHN-80013"
}
],
"trust": 1.89325397
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
}
]
},
"last_update_date": "2024-11-23T22:18:26.345000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-645",
"trust": 0.8,
"url": "http://support.dlink.com/ProductInfo.aspx?m=DIR-645"
},
{
"title": "SAP10051",
"trust": 0.8,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051"
},
{
"title": "D-Link DIR-645 Wired/Wireless Router Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/55731"
},
{
"title": "D-Link DIR-645 Wired/Wireless Router Repair measures for stack-based buffer error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=234989"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80013"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "NVD",
"id": "CVE-2015-2052"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10051"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/72623"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2052"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2052"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "VULHUB",
"id": "VHN-80013"
},
{
"db": "BID",
"id": "72623"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
},
{
"db": "NVD",
"id": "CVE-2015-2052"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"db": "VULHUB",
"id": "VHN-80013"
},
{
"db": "BID",
"id": "72623"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
},
{
"db": "NVD",
"id": "CVE-2015-2052"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"date": "2015-02-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"date": "2015-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-80013"
},
{
"date": "2015-02-13T00:00:00",
"db": "BID",
"id": "72623"
},
{
"date": "2015-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"date": "2015-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-367"
},
{
"date": "2015-02-23T17:59:09.243000",
"db": "NVD",
"id": "CVE-2015-2052"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01376"
},
{
"date": "2015-02-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01332"
},
{
"date": "2016-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-80013"
},
{
"date": "2015-07-15T00:17:00",
"db": "BID",
"id": "72623"
},
{
"date": "2015-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001592"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-367"
},
{
"date": "2024-11-21T02:26:39.887000",
"db": "NVD",
"id": "CVE-2015-2052"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-645 Wired/Wireless Router firmware stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001592"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-367"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.