Shodan
Vulnerabilities
Vulnerable Software
Dlink:  >> Dir-645 Firmware  >> 1.03  Security Vulnerabilities
CVE-2023-36089
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-07-31
CVE-2022-32092
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.
CVSS Score
9.8
EPSS Score
0.038
Published
2022-06-27
CVE-2021-43722
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.
CVSS Score
9.8
EPSS Score
0.014
Published
2022-03-31
CVE-2013-7471
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
CVSS Score
9.8
EPSS Score
0.266
Published
2019-06-11
CVE-2015-2052
Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface.
CVSS Score
10.0
EPSS Score
0.089
Published
2015-02-23
CVE-2015-2051
Known exploited
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
CVSS Score
9.8
EPSS Score
0.909
Published
2015-02-23
CVE-2013-7389
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
CVSS Score
4.3
EPSS Score
0.802
Published
2014-07-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved