CVE-2026-5815 - Vulnerability Details

- D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow

Description

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Published: 2026-04-08

Score: 8.7 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A stack‑based buffer overflow exists in the hedwigcgi_main function of the /cgi-bin/hedwig.cgi script on D‑Link DIR‑645 routers. Firmware versions 1.01 through 1.03 are affected. The flaw can be triggered remotely, allowing an attacker to overwrite a stack buffer and, based on typical behavior of such overflows, potentially execute arbitrary code. The consequent compromise could affect the confidentiality, integrity, and availability of the device and any network traffic it forwards.

Affected Systems

The vulnerability impacts D‑Link DIR‑645 routers running firmware releases 1.01, 1.02, and 1.03. These devices are no longer supported by the manufacturer, meaning no official patch is currently available. As a result, the routers remain susceptible to exploitation until replaced or otherwise mitigated.

Risk and Exploitability

With a CVSS score of 8.7, the flaw is classified as high severity. The EPSS score is not disclosed, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is remote, most likely through HTTP requests targeting the /cgi-bin/hedwig.cgi endpoint. The public exploit demonstrates that attackers can launch the attack from outside the network. Consequently, any DIR‑645 device exposed to the Internet poses a significant risk, especially if no protective network segmentation or access control is applied.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

D-Link

DIR-645

affected

Version	Status	Constraints
`1.01`	affected	—
`1.02`	affected	—
`1.03`	affected	—

No data.

Vendor Product Confidence Versions

D-link

Dir-645

100%

Version	Status	Scheme	Platform
`1.01`	affected	generic	—
`1.02`	affected	generic	—
`1.03`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any available firmware update that removes the vulnerable /cgi-bin/hedwig.cgi function.
Reconfigure the router or firewall to block HTTP access to the /cgi-bin directory.
Place the router on a separate VLAN or separate network segment to isolate it from critical infrastructure.
Regularly review system logs and monitor for anomalous CGI requests.
Consider replacing the unsupported device with a supported model.

Generated by OpenCVE AI on April 9, 2026 at 00:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md
https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md#poc
https://vuldb.com/submit/788298
https://vuldb.com/vuln/356263
https://vuldb.com/vuln/356263/cti
https://www.dlink.com/

History

Thu, 09 Apr 2026 08:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		D-link D-link dir-645
Vendors & Products		D-link D-link dir-645

Wed, 08 Apr 2026 23:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Title		D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow
Weaknesses		CWE-119 CWE-121
References		https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md https://github.com/Pers1st0/CVE/blob/main/stack-based%20buffer%20overflow%20vulnerability%20exists%20in%20the%20hedwig.cgi%20of%20D-Link%20DIR-645.md#poc https://vuldb.com/submit/788298 https://vuldb.com/vuln/356263 https://vuldb.com/vuln/356263/cti https://www.dlink.com/
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

D-link Dir-645

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-08T23:15:14.287Z

Updated: 2026-04-08T23:15:14.287Z

Reserved: 2026-04-08T15:30:14.100Z

Link: CVE-2026-5815

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-09T00:16:20.863

Modified: 2026-04-09T00:16:20.863

Link: CVE-2026-5815

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:25:28Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object