CVE-2026-5815 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: April 9, 2026
D-Link DIR-645 - Buffer Overflow
Published: April 9, 2026Updated: April 9, 2026Remote Exploitable
Overview
D-Link DIR-645 1.01/1.02/1.03 contains a stack-based buffer overflow caused by manipulation in hedwigcgi_main function of /cgi-bin/hedwig.cgi, letting remote attackers execute arbitrary code, exploit requires no special privileges.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Remote attackers can execute arbitrary code, potentially leading to full system compromise.
Mitigation
Update to the latest supported version or replace the device as it is no longer supported.
References
- https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md
- https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md#poc
- https://vuldb.com/submit/788298
- https://vuldb.com/vuln/356263
- https://vuldb.com/vuln/356263/cti
- https://www.dlink.com/
Related Resources
Details
- CVE ID
- CVE-2026-5815
- Severity
- High
- CVSS Score
- 8.8
- Type
- buffer_overflow
- Status
- new
CWE
- CWE-119
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H