CVE-2026-5815
Published: 09 April 2026
Summary
CVE-2026-5815 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in D-Link (inferred from references). Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 38.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-5815 is a stack-based buffer overflow vulnerability in the hedwigcgi_main function of the /cgi-bin/hedwig.cgi file within D-Link DIR-645 router firmware versions 1.01, 1.02, and 1.03. This flaw, associated with CWE-119 and CWE-121, allows remote manipulation and has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring no user interaction and low attack complexity over the network. Successful exploitation could grant high-level control over the affected device, potentially leading to arbitrary code execution via the buffer overflow. A public proof-of-concept exploit is available, increasing the risk of widespread abuse.
References, including GitHub repositories and VulDB entries, detail the vulnerability and provide a PoC but confirm that affected D-Link DIR-645 products are no longer supported by the maintainer, with no patches or official mitigations available. Security practitioners should prioritize network segmentation, exposure minimization, or device replacement for any remaining deployments. The public exploit status heightens the urgency for EOL hardware.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-20809
Vulnerability details
A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Remote stack-based buffer overflow in public-facing CGI script (/cgi-bin/hedwig.cgi) on router web interface directly enables T1190 for initial access and arbitrary code execution.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-16 implements memory protections such as stack canaries and non-executable memory that directly prevent unauthorized code execution from stack-based buffer overflows like this CVE.
SI-10 enforces validation of information inputs to CGI functions, preventing malformed data from triggering the buffer overflow in hedwigcgi_main.
SA-22 prohibits or restricts use of unsupported system components like EOL D-Link DIR-645 routers, eliminating exposure to this unpatchable vulnerability.