CVE-2025-8168
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-07-31
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | 1.10 |
| dlink | dir-513 | a1 |
| dlink | dir-513 | a2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8168 is a critical buffer overflow vulnerability in the D-Link DIR-513 router running firmware version 1.10. It occurs in the function websAspInit within the /goform/formSetWanPPPoE endpoint, where the argument curTime is processed without validating its length. This allows an attacker to send an excessively long input that overflows a stack-allocated buffer, potentially causing the device to crash or enabling further exploitation such as gaining shell access remotely. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a remote attacker to cause a denial of service on the affected router or potentially gain unauthorized shell access, compromising the device's confidentiality, integrity, and availability. Since the affected product is no longer supported and no mitigations exist, the risk is significant, and the device should be replaced to avoid exploitation. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for POST requests to the endpoint /goform/formSetWanPPPoE containing unusually long or malformed curTime parameters, which may indicate an attempted buffer overflow exploit. Network intrusion detection systems (NIDS) can be configured to alert on such suspicious POST requests. Additionally, inspecting logs for repeated or abnormal access to /goform/formSetWanPPPoE may help identify exploitation attempts. Specific commands depend on your environment, but for example, using curl to test the endpoint with a long curTime parameter can help verify vulnerability: curl -X POST http://<router-ip>/goform/formSetWanPPPoE -d "curTime=$(python3 -c 'print("A"*500)')". Network monitoring tools like tcpdump or Wireshark can capture traffic to analyze such requests. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Since the affected D-Link DIR-513 router version 1.10 is no longer supported and no known mitigations or patches exist, the immediate recommended step is to replace the affected router with a supported alternative device. Avoid exposing the device to untrusted networks and restrict remote access if possible. Network segmentation and firewall rules can help limit exposure. Monitoring for exploit attempts and disabling vulnerable services, if feasible, may reduce risk but do not fully mitigate the vulnerability. [2]