Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Dir-645 Firmware Security Vulnerabilities

cve
cve

CVE-2013-7389

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter ...

6AI Score

0.021EPSS

2014-07-07 02:55 PM
44
cve
cve

CVE-2013-7471

An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element ...

9.8CVSS

9.6AI Score

0.036EPSS

2019-06-11 09:29 PM
90
2
cve
cve

CVE-2015-2051

The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

9.8CVSS

9.5AI Score

0.969EPSS

2015-02-23 05:59 PM
908
In Wild
cve
cve

CVE-2015-2052

Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface.

9AI Score

0.07EPSS

2015-02-23 05:59 PM
31
cve
cve

CVE-2020-25786

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet...

6.1CVSS

6AI Score

0.001EPSS

2020-09-19 08:15 PM
27
cve
cve

CVE-2021-43722

D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.

9.8CVSS

9.4AI Score

0.002EPSS

2022-03-31 09:15 PM
55
cve
cve

CVE-2022-32092

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.

9.8CVSS

9.8AI Score

0.002EPSS

2022-06-27 10:15 PM
41
4
cve
cve

CVE-2022-46475

D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.

9.8CVSS

9.6AI Score

0.002EPSS

2023-01-17 09:15 PM
23
cve
cve

CVE-2023-36089

Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

9.8CVSS

9.5AI Score

0.002EPSS

2023-07-31 02:15 PM
34