VYPR

Dir 645

by Dlink

CVEs (12)

  • CVE-2015-2051HigKEVFeb 23, 2015
    risk 0.80cvss 8.8epss 0.97

    The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

  • CVE-2026-5815HigApr 9, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This…

  • CVE-2025-10689MedSep 18, 2025
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be…

  • CVE-2025-7192MedJul 8, 2025
    risk 0.41cvss 6.3epss 0.04

    A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit…

  • CVE-2013-7389Jul 7, 2014
    risk 0.05cvss epss 0.28

    Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3)…

  • CVE-2022-32092Jun 27, 2022
    risk 0.02cvss epss 0.06

    D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.

  • CVE-2013-7471Jun 11, 2019
    risk 0.02cvss epss 0.24

    An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or…

  • CVE-2018-25115Aug 27, 2025
    risk 0.00cvss epss 0.09

    Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication.…

  • CVE-2023-36089Jul 31, 2023
    risk 0.00cvss epss 0.01

    Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

  • CVE-2022-46475Jan 17, 2023
    risk 0.00cvss epss 0.10

    D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.

  • CVE-2021-43722Mar 31, 2022
    risk 0.00cvss epss 0.03

    D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.

  • CVE-2015-2052Feb 23, 2015
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface.