CVE-2025-8184
BaseFortify
Publication date: 2025-07-26
Last updated on: 2025-07-31
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | From 1.0 (inc) to 1.10 (inc) |
| dlink | dir-513 | a1 |
| dlink | dir-513 | a2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8184 is a critical stack-based buffer overflow vulnerability in the D-Link DIR-513 router firmware up to version 1.10. It occurs in the HTTP POST request handler, specifically in the formSetWanL2TPcallback function accessed via the /goform/formSetWanL2TP endpoint. The vulnerability arises because the parameter curTime from the POST request is passed to a sprintf function without length validation, allowing an attacker to overflow a stack buffer by sending an excessively large value. This can crash the web service or potentially allow remote code execution. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a remote attacker to cause a denial-of-service (DoS) by crashing the router's web service or, with further exploitation, gain shell access to the device. This compromises the confidentiality, integrity, and availability of the affected device. Since the device is no longer supported, no mitigations are available, and exploitation is considered easy. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP POST requests to the endpoint /goform/formSetWanL2TP that contain unusually large or malformed curTime parameters, which may trigger the stack-based buffer overflow. Network intrusion detection systems (NIDS) can be configured to alert on such suspicious POST requests. Specific commands are not provided in the resources, but using tools like curl or wget to send crafted POST requests to /goform/formSetWanL2TP and observing the device's response or crash behavior can help detect the vulnerability. Additionally, scanning for devices running D-Link DIR-513 firmware version 1.10 or earlier can help identify vulnerable systems. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Since the affected D-Link DIR-513 devices are no longer supported by the vendor and no known mitigations or patches are available, the recommended immediate step is to replace the vulnerable device with a supported alternative product. Avoid exposing the device's web service to untrusted networks to reduce the risk of remote exploitation. Network segmentation and firewall rules blocking access to the /goform/formSetWanL2TP endpoint can also help mitigate exposure until replacement is possible. [2]