Buffer overflow in Dlink Dir-645

CVE-2015-2052

Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface.

Vulnerability class: Buffer Overflow

EPSS: 0.116 (93.8th percentile) — read the EPSS interpretation.

Affected products

Dlink Dir-645 — versions a1
Dlink Dir-645_firmware
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM, Exploit, Vendor Advisory)
72623 (vdb-entry, x_refsource_BID)