Filtered by vendor Dlink
                         Subscriptions
                    
                    
                
                        Filtered by product Dir-645
                         Subscriptions
                    
                    
                
                    Total
                    12 CVE
                
            | CVE | Vendors | Products | Updated | CVSS v3.1 | 
|---|---|---|---|---|
| CVE-2015-2051 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2025-10-22 | 8.8 High | 
| The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | ||||
| CVE-2025-10689 | 2 D-link, Dlink | 3 Dir-645, Dir-645, Dir-645 Firmware | 2025-10-03 | 6.3 Medium | 
| A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2018-25115 | 2 D-link, Dlink | 21 Dir-110, Dir-412, Dir-600 and 18 more | 2025-09-24 | 9.8 Critical | 
| Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC. | ||||
| CVE-2025-7192 | 2 D-link, Dlink | 3 Dir-645, Dir-645, Dir-645 Firmware | 2025-07-14 | 6.3 Medium | 
| A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2013-7389 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2025-04-12 | N/A | 
| Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php. | ||||
| CVE-2015-2052 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2025-04-12 | N/A | 
| Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface. | ||||
| CVE-2022-46475 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2025-04-03 | 9.8 Critical | 
| D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function. | ||||
| CVE-2023-36089 | 2 D-link, Dlink | 3 Dir-645 Firmware, Dir-645, Dir-645 Firmware | 2024-11-21 | 9.8 Critical | 
| Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2022-32092 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2024-11-21 | 9.8 Critical | 
| D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. | ||||
| CVE-2021-43722 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2024-11-21 | 9.8 Critical | 
| D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size. | ||||
| CVE-2020-25786 | 1 Dlink | 12 Dir-645, Dir-645 Firmware, Dir-803 and 9 more | 2024-11-21 | 6.1 Medium | 
| webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header | ||||
| CVE-2013-7471 | 1 Dlink | 10 Dir-300, Dir-300 Firmware, Dir-600 and 7 more | 2024-11-21 | 9.8 Critical | 
| An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. | ||||
                            
                                
                                
                                    Page 1 of 1.