Vulnerabilities > Dlink > DIR 645 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-07-31 CVE-2023-36089 Incorrect Authorization vulnerability in Dlink Dir-645 Firmware 1.03
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin.
network
low complexity
dlink CWE-863
critical
9.8
2023-01-17 CVE-2022-46475 Out-of-bounds Write vulnerability in Dlink Dir-645 Firmware 1.06B01Beta01
D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.
network
low complexity
dlink CWE-787
critical
9.8
2022-06-27 CVE-2022-32092 OS Command Injection vulnerability in Dlink Dir-645 Firmware 1.03
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.
network
low complexity
dlink CWE-78
critical
9.8
2022-03-31 CVE-2021-43722 Out-of-bounds Write vulnerability in Dlink Dir-645 Firmware 1.03
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow.
network
low complexity
dlink CWE-787
7.5
2020-09-19 CVE-2020-25786 Cross-site Scripting vulnerability in Dlink products
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header.
network
low complexity
dlink CWE-79
6.1
2019-06-11 CVE-2013-7471 Command Injection vulnerability in Dlink products
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev.
network
low complexity
dlink CWE-77
7.5