{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5815", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-08T15:30:14.100Z", "datePublished": "2026-04-08T23:15:14.287Z", "dateUpdated": "2026-04-08T23:15:14.287Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-08T23:15:14.287Z"}, "title": "D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "D-Link", "product": "DIR-645", "versions": [{"version": "1.01", "status": "affected"}, {"version": "1.02", "status": "affected"}, {"version": "1.03", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-08T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-08T17:35:19.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Pers1st (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/356263", "name": "VDB-356263 | D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356263/cti", "name": "VDB-356263 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/788298", "name": "Submit #788298 | D-Link DIR-645 1.01\u20131.03 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md", "tags": ["related"]}, {"url": "https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md#poc", "tags": ["exploit"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}], "tags": ["unsupported-when-assigned"]}}}

{}

{"cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."}], "id": "CVE-2026-5815", "lastModified": "2026-04-09T00:16:20.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-09T00:16:20.863", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md"}, {"source": "cna@vuldb.com", "url": "https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md#poc"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/788298"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/356263"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/356263/cti"}, {"source": "cna@vuldb.com", "url": "https://www.dlink.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.01"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.02"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.03"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DIR-645", "source": "cna", "vendor": "D-Link"}, "product": "dir-645", "vendor": "d-link"}], "analysis": {"en": {"generated_at": "2026-04-09T00:50:38.874808+00:00", "value": {"mitigation_remediation": ["Apply any available firmware update that removes the vulnerable /cgi-bin/hedwig.cgi function.", "Reconfigure the router or firewall to block HTTP access to the /cgi-bin directory.", "Place the router on a separate VLAN or separate network segment to isolate it from critical infrastructure.", "Regularly review system logs and monitor for anomalous CGI requests.", "Consider replacing the unsupported device with a supported model."], "summary": {"action": "Assess Impact", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts D\u2011Link DIR\u2011645 routers running firmware releases 1.01, 1.02, and 1.03. These devices are no longer supported by the manufacturer, meaning no official patch is currently available. As a result, the routers remain susceptible to exploitation until replaced or otherwise mitigated.", "description_and_impact": "A stack\u2011based buffer overflow exists in the hedwigcgi_main function of the /cgi-bin/hedwig.cgi script on D\u2011Link DIR\u2011645 routers. Firmware versions 1.01 through 1.03 are affected. The flaw can be triggered remotely, allowing an attacker to overwrite a stack buffer and, based on typical behavior of such overflows, potentially execute arbitrary code. The consequent compromise could affect the confidentiality, integrity, and availability of the device and any network traffic it forwards.", "risk_and_exploitability": "With a CVSS score of 8.7, the flaw is classified as high severity. The EPSS score is not disclosed, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is remote, most likely through HTTP requests targeting the /cgi-bin/hedwig.cgi endpoint. The public exploit demonstrates that attackers can launch the attack from outside the network. Consequently, any DIR\u2011645 device exposed to the Internet poses a significant risk, especially if no protective network segmentation or access control is applied."}}}}, "created": "2026-04-09T08:16:01.980260+00:00", "updated": "2026-04-09T08:25:28.256053+00:00", "vendors": ["d-link", "d-link$PRODUCT$dir-645"]}