CVE-2026-5815

| EUVD-2026-20809 HIGH
2026-04-08 VulDB
7.4
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
PoC Detected
Apr 09, 2026 - 00:16 vuln.today
Public exploit code
Analysis Generated
Apr 08, 2026 - 23:31 vuln.today
EUVD ID Assigned
Apr 08, 2026 - 23:31 euvd
EUVD-2026-20809
CVE Published
Apr 08, 2026 - 23:15 nvd
HIGH 7.4

Tags

D-Link Buffer Overflow Stack Overflow Dir 645

Description

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

Stack-based buffer overflow in D-Link DIR-645 router (versions 1.01, 1.02, 1.03) via hedwigcgi_main function in /cgi-bin/hedwig.cgi allows authenticated remote attackers to achieve complete system compromise. Exploitation requires low-privilege credentials but no user interaction. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Identify all D-Link DIR-645 devices on the network using inventory tools and determine business-critical vs. non-critical deployments. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

57
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +37
POC: +20

Share

CVE-2026-5815 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy