CVE-2025-10689

The CVE-2025-10689 entry concerns D-Link DIR-645 firmware (model 105B01). A vulnerability exists in the soapcgi_main function within /soap.cgi where manipulation of the service argument enables remote command injection. The issue can be exploited remotely and publicly available exploit code is no...

CVE-2021-43722

D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnapmain function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size...

PT-2015-1277

Name of the Vulnerable Software and Affected Versions D-Link DIR-645 Wired/Wireless Router Rev. Ax versions prior to 1.04b12 Description The HNAP Home Network Administration Protocol interface fails to properly neutralize special characters used in OS commands. This allows remote attackers to...

D-Link DIR645, DIR865, DIR845 authentication.cgi Buffer Overflow

This Metasploit module exploits an remote buffer overflow vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the authentication.cgi with long password values. The vulnerability can be exploitable without authentication. This Metasploit module has...