Which versions of D-Link are affected by EUVD-2026-20809?

D-Link DIR-645 routers (versions 1.01-1.03) contain a stack-based buffer overflow in the web interface that allows authenticated attackers to gain complete control of the device.

Is there a public PoC exploit available for EUVD-2026-20809?

Yes, a public proof-of-concept exploit is available for EUVD-2026-20809. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2026-20809?

Within 24 hours: Identify all D-Link DIR-645 devices on the network using inventory tools and determine business-critical vs. non-critical deployments. Within 7 days: Implement network segmentation-isolate affected routers to a restricted management VLAN with access controls limiting administrative traffic only. Within 30 days: Complete replacement of all DIR-645 units with current, vendor-supported router models and validate connectivity before decommissioning legacy devices.

D-Link EUVD-2026-20809

Q: What is the CVSS score of EUVD-2026-20809?

EUVD-2026-20809 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2026-5815 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-04-08 VulDB

D-Link Buffer Overflow Stack Overflow

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 27, 2026 - 19:07 vuln.today

cvss_changed

PoC Detected

Apr 09, 2026 - 00:16 vuln.today

Public exploit code

EUVD ID Assigned

Apr 08, 2026 - 23:31 euvd

EUVD-2026-20809

Analysis Generated

Apr 08, 2026 - 23:31 vuln.today

CVE Published

Apr 08, 2026 - 23:15 nvd

HIGH 7.4

DescriptionCVE.org

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Stack-based buffer overflow in D-Link DIR-645 router (versions 1.01, 1.02, 1.03) via hedwigcgi_main function in /cgi-bin/hedwig.cgi allows authenticated remote attackers to achieve complete system compromise. Exploitation requires low-privilege credentials but no user interaction. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Send authenticated request to /cgi-bin/hedwig.cgi

Exploit

Craft oversized input parameter

Execution

Trigger stack buffer overflow

Impact

Execute arbitrary code on router

Access

Send authenticated request to /cgi-bin/hedwig.cgi

Exploit

Craft oversized input parameter

Execution

Trigger stack buffer overflow

Impact

Execute arbitrary code on router

Vulnerability AssessmentAI

Exploitation	Requires authenticated access to D-Link DIR-645 router firmware versions 1.01, 1.02, or 1.03. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Stack buffer overflow in end-of-life D-Link router requiring authenticated access limits immediate blast radius to compromised networks. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	Authenticated attacker sends oversized payload to /cgi-bin/hedwig.cgi, triggering stack overflow in hedwigcgi_main function. Overflow overwrites return pointer, enabling code execution with router privileges. …
Remediation	No vendor-released patch identified at time of analysis; D-Link has discontinued support for DIR-645 hardware per vendor statement. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all D-Link DIR-645 devices on the network using inventory tools and determine business-critical vs. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-12174 HIGH This Week POC

7.4 Jun 13

Format string vulnerability in the D-Link DCS-935L 1.10.01 IP camera allows authenticated remote attackers to corrupt me

EUVD-2026-20809 vulnerability details – vuln.today

Back