CVE-2025-46108
Buffer Overflow in D-Link Dir-513 formTcpipSetup Function

Publication date: 2026-03-04

Last updated on: 2026-03-06

Assigner: MITRE

Description
D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup.
Meta Information
Published: 2026-03-04
Last Modified: 2026-03-06
Generated: 2026-05-07
AI Q&A: 2026-03-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: dlink
Product: dir-513_firmware
Version / Range: 1.10
CWE ID: CWE-120
Description: The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-46108 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router, specifically in firmware version 1.10 (DIR513A1_FW110WWb01).

The vulnerability exists in the function formTcpipSetup, which handles HTTP POST requests to the endpoint goform/formTcpipSetup.

It occurs because the curTime parameter is improperly handled using sprintf, which does not limit the length of input, leading to a stack buffer overflow when an excessively long curTime value is provided.

This overflow can be triggered by sending a specially crafted POST request with a very long curTime parameter.
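
The unbounded sprintf pattern described above next to a bounded replacement, as an added example that is not D-Link's firmware code and not part of the original page. The buffer size, the curTime length limit, the format string and the names build_redirect and bounded_len are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REDIRECT_BUF_LEN 64  /* assumed: the page does not give the real buffer size */
#define CURTIME_MAX_LEN  32  /* assumed upper bound for a legitimate curTime value */

/* Unsafe pattern from the description (kept as a comment, format string hypothetical):
 *     char buf[REDIRECT_BUF_LEN];
 *     sprintf(buf, "/tcpip.htm?t=%s", cur_time);   // length of cur_time never checked
 */

/* Length of s, but never reads more than max bytes of attacker-supplied data. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t i = 0;
    while (i < max && s[i] != '\0')
        i++;
    return i;
}

/* Hardened form: reject over-long input, write with snprintf, and treat
 * truncation as an error instead of silently using a cut-off string.
 * Returns the number of bytes written (excluding NUL), or -1 on rejection. */
int build_redirect(char *out, size_t out_len, const char *cur_time)
{
    int n;

    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';                       /* output is empty on every failure path */
    if (cur_time == NULL)
        return -1;
    if (bounded_len(cur_time, CURTIME_MAX_LEN + 1) > CURTIME_MAX_LEN)
        return -1;                       /* input longer than the allowed maximum */

    n = snprintf(out, out_len, "/tcpip.htm?t=%s", cur_time);
    if (n < 0 || (size_t)n >= out_len) { /* n >= out_len means output was truncated */
        out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char buf[REDIRECT_BUF_LEN];
    char big[1001];                      /* constructed over-long input */
    memset(big, 'A', 1000);
    big[1000] = '\0';
    printf("normal: %d\n", build_redirect(buf, sizeof buf, "1700000000"));
    printf("long:   %d\n", build_redirect(buf, sizeof buf, big));
    return 0;
}
```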


How can this vulnerability impact me?

This vulnerability could allow an attacker to execute arbitrary code on the affected D-Link DIR-513 router.

Alternatively, it could cause a denial of service (DoS) condition, making the device unavailable or unstable.

Such impacts could compromise the security and availability of your network if the vulnerable device is exploited.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending a specially crafted HTTP POST request to the endpoint goform/formTcpipSetup on the D-Link DIR-513 router, specifically targeting the curTime parameter with an excessively long input string.

A detection command example using curl would be to send a POST request with a very long curTime value to test for the buffer overflow condition.

    curl -X POST http://<router-ip>/goform/formTcpipSetup -d "curTime=$(python -c 'print("A"*1000)')"

If the device crashes, becomes unresponsive, or behaves abnormally after this request, it indicates the presence of the vulnerability. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding sending or accepting HTTP POST requests to the goform/formTcpipSetup endpoint with untrusted or excessively long curTime parameters.

Restrict access to the router's management interface from untrusted networks to prevent exploitation.

Monitor the device for unusual behavior or crashes that may indicate exploitation attempts.

Check for firmware updates or patches from D-Link that address this vulnerability and apply them as soon as they become available. [1]

