Cyber Resilience

CVE-2026-5815

High

Published: 09 April 2026

Modified: 27 April 2026
KEV Added
Patch
CVSS v4 Score: 7.4
CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0050 (38.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-5815 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in D-Link products (vendor inferred from references). Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 38.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-5815 is a stack-based buffer overflow vulnerability in the hedwigcgi_main function of the /cgi-bin/hedwig.cgi file within D-Link DIR-645 router firmware versions 1.01, 1.02, and 1.03. This flaw, associated with CWE-119 and CWE-121, allows remote manipulation and has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.

The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring no user interaction and low attack complexity over the network. Successful exploitation could grant high-level control over the affected device, potentially leading to arbitrary code execution via the buffer overflow. A public proof-of-concept exploit is available, increasing the risk of widespread abuse.

References, including GitHub repositories and VulDB entries, detail the vulnerability and provide a PoC but confirm that affected D-Link DIR-645 products are no longer supported by the maintainer, with no patches or official mitigations available. Security practitioners should prioritize network segmentation, exposure minimization, or device replacement for any remaining deployments. The public exploit status heightens the urgency for EOL hardware.

Vulnerability details

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

A remote stack-based buffer overflow in a public-facing CGI script (/cgi-bin/hedwig.cgi) on the router web interface directly enables T1190 for initial access and arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-9428 · Shared CWE-119, CWE-121
CVE-2026-2886 · Shared CWE-119, CWE-121
CVE-2025-8017 · Shared CWE-119, CWE-121
CVE-2025-8816 · Shared CWE-119, CWE-121
CVE-2025-14665 · Shared CWE-119, CWE-121
CVE-2025-9247 · Shared CWE-119, CWE-121
CVE-2026-5604 · Shared CWE-119, CWE-121
CVE-2025-8824 · Shared CWE-119, CWE-121
CVE-2025-11386 · Shared CWE-119, CWE-121
CVE-2025-15190 · Shared CWE-119, CWE-121

Affected Assets

Dlink
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-16 implements memory protections such as stack canaries and non-executable memory that directly prevent unauthorized code execution from stack-based buffer overflows like this CVE.

prevent

SI-10 enforces validation of information inputs to CGI functions, preventing malformed data from triggering the buffer overflow in hedwigcgi_main.

prevent

SA-22 prohibits or restricts use of unsupported system components like EOL D-Link DIR-645 routers, eliminating exposure to this unpatchable vulnerability.
