CVE-2026-5815 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: April 9, 2026
D-Link DIR-645 - Buffer Overflow
Overview
D-Link DIR-645 1.01/1.02/1.03 contains a stack-based buffer overflow caused by manipulation in hedwigcgi_main function of /cgi-bin/hedwig.cgi, letting remote attackers execute arbitrary code, exploit requires no special privileges.
Severity & Score
Impact
Remote attackers can execute arbitrary code, potentially leading to full system compromise.
Mitigation
Update to the latest supported version or replace the device as it is no longer supported.
References
- https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md
- https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md#poc
- https://vuldb.com/submit/788298
- https://vuldb.com/vuln/356263
- https://vuldb.com/vuln/356263/cti
- https://www.dlink.com/
Social Media Activity(1 post)
š CVE-2026-5815 - High (8.8) A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is no... š https://www.thehackerwire.com/vulnerability/CVE-2026-5815/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-5815
- Severity
- High
- CVSS Score
- 8.8
- Type
- buffer_overflow
- Status
- new
- EPSS
- 8.4%
- Social Posts
- 1
CWE
- CWE-119
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H