CVE-2025-70220
Received Received - Intake
Stack Buffer Overflow in D-Link DIR-513 via curTime Parameter

Publication date: 2026-03-04

Last updated on: 2026-03-06

Assigner: MITRE

Description
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-70220
EUVD
EUVD-2025-208285
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dlink dir-513_firmware 1.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-70220 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router, specifically in firmware version v1.10. It occurs in the component that handles HTTP POST requests to the endpoint goform/formAutoDetecWAN_wizard4. The vulnerability arises because the curTime parameter is improperly processed using an unsafe sprintf function, which can overflow the stack buffer.

An attacker can exploit this by sending a specially crafted POST request with an excessively long curTime value, causing the buffer overflow.

Impact Analysis

This vulnerability could potentially allow an attacker to execute remote code or cause a denial of service on affected D-Link DIR-513 devices. By exploiting the stack buffer overflow, an attacker might gain control over the device or disrupt its normal operation.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint goform/formAutoDetecWAN_wizard4 on the D-Link DIR-513 router, specifically targeting firmware version v1.10.'}, {'type': 'paragraph', 'content': 'The detection involves checking if the device improperly processes the curTime parameter in the POST request, which can cause a stack buffer overflow.'}, {'type': 'paragraph', 'content': 'A typical detection command would be to use curl or a similar HTTP client to send a POST request with an excessively long curTime value to the vulnerable endpoint.'}, {'type': 'list_item', 'content': 'curl -X POST http://<router-ip>/goform/formAutoDetecWAN_wizard4 -H "Content-Type: application/x-www-form-urlencoded" -d "curTime=$(python3 -c \'print("A"*500)\')"'}, {'type': 'paragraph', 'content': 'Replace <router-ip> with the IP address of the target device. If the device crashes, becomes unresponsive, or behaves abnormally after this request, it indicates the presence of the vulnerability.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include avoiding exposure of the vulnerable D-Link DIR-513 router firmware v1.10 to untrusted networks, especially the internet.'}, {'type': 'paragraph', 'content': "Restrict access to the router's management interface by using firewall rules or network segmentation to limit who can send requests to the vulnerable endpoint."}, {'type': 'paragraph', 'content': 'Monitor network traffic for suspicious POST requests targeting goform/formAutoDetecWAN_wizard4 with unusually long curTime parameters.'}, {'type': 'paragraph', 'content': 'Check for firmware updates or patches from D-Link that address this vulnerability and apply them as soon as they become available.'}, {'type': 'paragraph', 'content': 'If no patch is available, consider replacing the device or disabling the vulnerable service if possible.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70220. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart