MAL-2026-3592 Malicious code in hedwig-tsconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1a650b67b76184573f147a7b286249b1de734cfa85647aea9a9bea3284e155f8 The OpenSSF Package Analysis project identified 'hedwig-tsconfig' @ 99.8.1 npm as malicious. It is considered malicious because: - The package...

Malicious code in hedwig-tsconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1a650b67b76184573f147a7b286249b1de734cfa85647aea9a9bea3284e155f8 The OpenSSF Package Analysis project identified 'hedwig-tsconfig' @ 99.8.1 npm as malicious. It is considered malicious because: - The package...

EUVD-2026-20809

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgimain of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only...

CVE-2025-15194

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack...

CVE-2025-15194

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack...

CVE-2025-15194 D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack...

D-Link DIR-852 hedwig.cgi File Command Injection Vulnerability

D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the Web Management Interface component...

D-Link DIR-852 安全漏洞

D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the Web Management Interface component...

The vulnerability of the sub_403794() function in the hedwig.cgi scenario of D-Link DIR-815 router software allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the sub403794 function in the hedwig.cgi script of the D-Link DIR-815 router software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...

The vulnerability in the hedwig.cgi script of D-Link DIR-859 router software allows a hacker to gain unauthorized access to protected information.

The vulnerability in the hedwig.cgi microprogramming system of D-Link DIR-859 relates to an incorrect restriction on the path name to the getcfg directory ../../.. /../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml, which provides limited access. Exploiting this vulnerability can allow an attacker to...

The vulnerability of the hedwig.cgi and pigwidgeon.cgi components of the D-Link DIR-868L router’s software allows a attacker to perform a CSRF attack.

The vulnerability of the hedwig.cgi and pigwidgeon.cgi components of the D-Link DIR-868L router software is related to the manipulation of inter-domain requests. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack...

CVE-2013-7389

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlinkhedwigcgibof.rb 2018-05-29 15:50:33+00:00| seen|...

PT-2015-7105 · D Link · Dir-816L Wireless Router

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816L Wireless Router versions prior to 2.06.B09 BETA Description: The issue allows remote attackers to hijack the authentication of administrators for requests, including changing the admin password and network policy, via crafted...