Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe
Filtered by product Dir-645
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-36089 1 Dlink 2 Dir-645, Dir-645 Firmware 2024-11-21 N/A 9.8 CRITICAL
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-46475 1 Dlink 2 Dir-645, Dir-645 Firmware 2024-11-21 N/A 9.8 CRITICAL
D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.
CVE-2022-32092 1 Dlink 2 Dir-645, Dir-645 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.
CVE-2021-43722 1 Dlink 2 Dir-645, Dir-645 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.
CVE-2020-25786 1 Dlink 12 Dir-645, Dir-645 Firmware, Dir-803 and 9 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
CVE-2015-2052 1 Dlink 2 Dir-645, Dir-645 Firmware 2024-11-21 10.0 HIGH N/A
Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface.
CVE-2015-2051 1 Dlink 2 Dir-645, Dir-645 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
CVE-2013-7471 1 Dlink 10 Dir-300, Dir-300 Firmware, Dir-600 and 7 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
CVE-2013-7389 1 Dlink 2 Dir-645, Dir-645 Firmware 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.