Stack-Based Buffer Overflow in DIR-645 Router by D-Link
CVE-2015-2052

Currently unrated

Key Information:

Vendor: D-Link
Status: Dir-645 Firmware
Vendor: CVE Published:; 23 February 2015

Summary

A stack-based buffer overflow vulnerability exists in the DIR-645 Wired/Wireless Router by D-Link. This issue is triggered when a remote attacker sends a specially crafted request containing a long string to the GetDeviceSettings action of the HNAP interface, potentially allowing execution of arbitrary code on the affected device. Users are advised to update to the latest firmware version to mitigate this risk.

References

http://securityadvisories.dlink.com/security/publication....

x_refsource_CONFIRM

http://www.securityfocus.com/bid/72623

vdb-entryx_refsource_BID

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 23, 2015
Vulnerability Reserved
Feb 23, 2015