CVE-2025-70218
Stack Buffer Overflow in D-Link DIR-513 goform/formAdvFirewall
Publication date: 2026-03-04
Last updated on: 2026-03-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | 1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70218 is a stack buffer overflow vulnerability in the D-Link DIR-513 router firmware version v1.10. It occurs in the component that handles the endpoint /goform/formAdvFirewall. The vulnerability is triggered by sending an excessively long payload via an HTTP POST request to this endpoint, specifically by including an overly long string in the curTime parameter without proper input validation.
This lack of input validation allows the buffer to overflow, which can lead to unexpected behavior such as arbitrary code execution or denial of service on the affected device.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to execute arbitrary code on your D-Link DIR-513 router or cause a denial of service condition. This means the attacker could potentially take control of the device, disrupt its normal operation, or make it unavailable.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by sending a specially crafted HTTP POST request to the affected device's /goform/formAdvFirewall endpoint and observing its response or behavior."}, {'type': 'paragraph', 'content': 'A detection command example using curl would be to send a POST request with a Content-Type of application/x-www-form-urlencoded including the parameter settingsChanged=1 and an excessively long string in the curTime parameter to test for buffer overflow.'}, {'type': 'list_item', 'content': 'curl -X POST http://<target-ip>/goform/formAdvFirewall -H "Content-Type: application/x-www-form-urlencoded" -d "settingsChanged=1&curTime=$(python3 -c \'print("A"*1000)\')"'}, {'type': 'paragraph', 'content': 'If the device crashes, behaves unexpectedly, or returns an error, it may be vulnerable to this buffer overflow.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the affected device's management interface to trusted networks only."}, {'type': 'paragraph', 'content': 'Avoid sending POST requests to the /goform/formAdvFirewall endpoint from untrusted sources.'}, {'type': 'paragraph', 'content': 'If available, update the device firmware to a version that patches this vulnerability.'}, {'type': 'paragraph', 'content': 'If no patch is available, consider disabling remote management features or isolating the device from untrusted networks to reduce exposure.'}] [1]