Dir-645 firmware

This hub aggregates every CVE we track for Dir-645 firmware, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 12 most recently published vulnerabilities affecting Dir-645 firmware.

• CVE-2025-10689D-Link DIR-645 soap.cgi soapcgi_main command injection6.3Sep 18, 2025
• CVE-2018-25115D-Link DIR-110/412/600/615/645/815 RCE via service.cgi9.8Aug 27, 2025
• CVE-2025-7192D-Link DIR-645 ssdpcgi cgibin ssdpcgi_main command injection6.3Jul 8, 2025
• CVE-2023-36089Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only af...9.8Jul 31, 2023
• CVE-2022-46475D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function.9.8Jan 17, 2023
• CVE-2022-32092D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.9.8Jun 27, 2022
• CVE-2021-43722D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.9.8Mar 31, 2022
• CVE-2020-25786webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported ...6.1Sep 19, 2020
• CVE-2013-7471An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Inj...9.8Jun 11, 2019
• CVE-2015-2052Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings...10.0Feb 23, 2015
• CVE-2015-2051The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.KEV8.8Feb 23, 2015
• CVE-2013-7389Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) devicei...4.3Jul 7, 2014