EUVD-2026-20809

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgimain of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only...

D-Link DIR-852 hedwig.cgi File Command Injection Vulnerability

D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the Web Management Interface component...

The vulnerability of the sub_403794() function in the hedwig.cgi scenario of D-Link DIR-815 router software allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the sub403794 function in the hedwig.cgi script of the D-Link DIR-815 router software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...

The vulnerability in the hedwig.cgi script of D-Link DIR-859 router software allows a hacker to gain unauthorized access to protected information.

The vulnerability in the hedwig.cgi microprogramming system of D-Link DIR-859 relates to an incorrect restriction on the path name to the getcfg directory ../../.. /../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml, which provides limited access. Exploiting this vulnerability can allow an attacker to...