CVE-2026-5815

HIGH

D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow

Title source: cna

Description

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

References (6)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/356263

[Signature, Permissions Required] https://vuldb.com/vuln/356263/cti

[Third Party Advisory] https://vuldb.com/submit/788298

[Related] https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md

View Writeup ZIP pw:eip

[Exploit] https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md#poc

[Product] https://www.dlink.com/

Scores

CVSS v3 8.8

EPSS 0.0009

EPSS Percentile 26.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119 CWE-121

Status published

Products (3)

D-Link/DIR-645 1.01

D-Link/DIR-645 1.02

D-Link/DIR-645 1.03

Published Apr 09, 2026

Tracked Since Apr 09, 2026