CVE-2025-70220
Stack Buffer Overflow in D-Link DIR-513 via curTime Parameter
Publication date: 2026-03-04
Last updated on: 2026-03-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | 1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70220 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router, specifically in firmware version v1.10. It occurs in the component that handles HTTP POST requests to the endpoint goform/formAutoDetecWAN_wizard4. The vulnerability arises because the curTime parameter is improperly processed using an unsafe sprintf function, which can overflow the stack buffer.
An attacker can exploit this by sending a specially crafted POST request with an excessively long curTime value, causing the buffer overflow.
How can this vulnerability impact me? :
This vulnerability could potentially allow an attacker to execute remote code or cause a denial of service on affected D-Link DIR-513 devices. By exploiting the stack buffer overflow, an attacker might gain control over the device or disrupt its normal operation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint goform/formAutoDetecWAN_wizard4 on the D-Link DIR-513 router, specifically targeting firmware version v1.10.'}, {'type': 'paragraph', 'content': 'The detection involves checking if the device improperly processes the curTime parameter in the POST request, which can cause a stack buffer overflow.'}, {'type': 'paragraph', 'content': 'A typical detection command would be to use curl or a similar HTTP client to send a POST request with an excessively long curTime value to the vulnerable endpoint.'}, {'type': 'list_item', 'content': 'curl -X POST http://<router-ip>/goform/formAutoDetecWAN_wizard4 -H "Content-Type: application/x-www-form-urlencoded" -d "curTime=$(python3 -c \'print("A"*500)\')"'}, {'type': 'paragraph', 'content': 'Replace <router-ip> with the IP address of the target device. If the device crashes, becomes unresponsive, or behaves abnormally after this request, it indicates the presence of the vulnerability.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include avoiding exposure of the vulnerable D-Link DIR-513 router firmware v1.10 to untrusted networks, especially the internet.'}, {'type': 'paragraph', 'content': "Restrict access to the router's management interface by using firewall rules or network segmentation to limit who can send requests to the vulnerable endpoint."}, {'type': 'paragraph', 'content': 'Monitor network traffic for suspicious POST requests targeting goform/formAutoDetecWAN_wizard4 with unusually long curTime parameters.'}, {'type': 'paragraph', 'content': 'Check for firmware updates or patches from D-Link that address this vulnerability and apply them as soon as they become available.'}, {'type': 'paragraph', 'content': 'If no patch is available, consider replacing the device or disabling the vulnerable service if possible.'}] [1]