Buffer overflow in D-link Dir-645
CVE-2026-5815
A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The explo…
Vulnerability class: Buffer Overflow
EPSS: 0.001 (28.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R.
Affected products
- D-link Dir-645 — versions 1.01, 1.02, 1.03
Weakness classification (CWE)
References
- VDB-356263 | D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow (vdb-entry, technical-description)
- VDB-356263 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
- Submit #788298 | D-Link DIR-645 1.01–1.03 Stack-based Buffer Overflow (third-party-advisory)
- github.com/Pers1st0/CVE/blob/main/stack-based buffer overflow vulnerability exi… (related)
- github.com/Pers1st0/CVE/blob/main/stack-based buffer overflow vulnerability exi… (exploit)
- www.dlink.com/ (product)
Frequently asked questions
- What is CVE-2026-5815?
- CVE-2026-5815 is a high-severity vulnerability in D-link Dir-645, classified under Stack-based Buffer Overflow. CVSS score: 8.8/10. Published 2026-04-08.
- How severe is CVE-2026-5815?
- High severity. CVSS v3 base score is 8.8 out of 10.