Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
D-Link DIR-645: Remote Attack via Malicious CGI Request
CVE-2026-5815
Summary
A security weakness in the D-Link DIR-645 router's CGI interface allows an attacker to potentially exploit it remotely. This affects older versions of the router that are no longer supported by the manufacturer. Users with this router should consider replacing it with a newer model.
Original title
A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The ...
Original description
A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
Published: 9 Apr 2026 · Updated: 9 Apr 2026 · First seen: 9 Apr 2026