⚠ Actively exploited

Added to CISA KEV on 2022-02-10. Federal agencies required to patch by 2022-08-10. Required action: The impacted product is end-of-life and should be disconnected if still in use..

CVE-2015-2051

CWE-77 — Command Injection11 documents10 sources

Severity

9.8CRITICAL

EPSS

93.0%

top 0.22%

CISA KEV

KEV

Added 2022-02-10

Due 2022-08-10

Exploit

Exploited in wild

Active exploitation observed

Affected products

Dlink Dir-645 Firmware

Timeline

PublishedFeb 23

KEV addedFeb 10

KEV dueAug 10

Latest updateDec 29

CISA Required Action: The impacted product is end-of-life and should be disconnected if still in use.

Description

The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDdlink/dir-645_firmware< 1.05b01

🔴Vulnerability Details

GHSA

GHSA-x629-5xff-w7qg: The D-Link DIR-645 Wired/Wireless Router Rev↗2022-05-17

▶

CVEList

CVE-2015-2051: The D-Link DIR-645 Wired/Wireless Router Rev↗2015-02-23

▶

VulnCheck

D-Link DIR-645 Router Remote Code Execution Vulnerability↗2015

▶

💥Exploits & PoCs

Exploit-DB

D-Link Devices - HNAP SOAPAction-Header Command Execution (Metasploit)↗2015-06-01

▶

🔍Detection Rules

Suricata

ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051, CVE-2019-10891, CVE-2022,37056, CVE-2024-33112, CVE-2025-11488, CVE-2025-63932)↗2021-11-17

▶

📋Vendor Advisories

CISA

D-Link DIR-645 Router Remote Code Execution Vulnerability↗2022-02-10

▶

🕵️Threat Intelligence

Bleepingcomputer

Malware botnets exploit outdated D-Link routers in recent attacks↗2024-12-29

▶

Unit42

Mirai Variant MooBot Targeting D-Link Devices↗2022-09-06

▶

Unit42

Mirai Variant MooBot Targeting D-Link Devices↗2022-09-06

▶