D-Link DIR-645 Firmware vulnerabilities
11 known vulnerabilities affecting dlink/dir-645_firmware.
Total CVEs: 11
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 7, MEDIUM 4
Vulnerabilities
CVE-2025-10689 [MEDIUM] CVSS 5.3 | CWE-74 | v1.05b01 | 2025-09-18
A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer support
nvd
CVE-2025-7192 [MEDIUM] CVSS 5.3 | CWE-74 | ≤ 1.05b01 | 2025-07-08
A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only a
nvd
CVE-2023-36089 [CRITICAL] CVSS 9.8 | CWE-863 | v1.03 | 2023-07-31
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
nvd
CVE-2022-46475 [CRITICAL] CVSS 9.8 | CWE-787 | v1.06b01_beta01 | 2023-01-17
D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.
nvd
CVE-2022-32092 [CRITICAL] CVSS 9.8 | CWE-78 | ≤ 1.03 | 2022-06-27
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.
nvd
CVE-2021-43722 [CRITICAL] CVSS 9.8 | CWE-787 | v1.03 | 2022-03-31
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.
nvd
CVE-2020-25786 [MEDIUM] CVSS 6.1 | CWE-79 | v1.06b01 | 2020-09-19
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that
nvd
CVE-2013-7471 [CRITICAL] CVSS 9.8 | CWE-77 | fixed in 1.04b11 | 2019-06-11
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
nvd
CVE-2015-2052 [CRITICAL] CVSS 10.0 | CWE-119 | ≤ 1.04b12 | 2015-02-23
Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface.
nvd
CVE-2015-2051 [CRITICAL] CVSS 9.8 | CWE-77 | KEV | PoC | fixed in 1.05b01 | 2015-02-23
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
nvd
CVE-2013-7389 [MEDIUM] CVSS 4.3 | CWE-79 | PoC | ≤ 1.03 | 2014-07-07
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
nvd