CVE-2025-70221
Received - Intake
Stack Buffer Overflow in D-Link DIR-513 Login Causes Crash

Publication date: 2026-03-04

Last updated on: 2026-03-06

Assigner: MITRE

Description
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin.
Meta Information
Published: 2026-03-04
Last Modified: 2026-03-06
Generated: 2026-06-16
AI Q&A: 2026-03-04
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
dlink | dir-513_firmware | 1.10
CWE ID | Description
CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Executive Summary

CVE-2025-70221 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router, specifically in firmware version v1.10. The vulnerability exists in the "goform/formLogin" component and is triggered via the "curTime" parameter.

The issue occurs because the "curTime" parameter is improperly handled using the "sprintf" function, which leads to a stack buffer overflow condition when an excessively long value is provided.

An attacker can exploit this by sending a specially crafted HTTP POST request with an oversized "curTime" value to the "/goform/formLogin" endpoint, potentially causing the device to execute arbitrary code or crash. [1]

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code on the affected D-Link DIR-513 router or cause a denial of service by crashing the device.

Successful exploitation could lead to unauthorized control over the router, disruption of network services, or compromise of network security.

Detection Guidance

This vulnerability can be detected by monitoring HTTP POST requests to the "/goform/formLogin" endpoint on D-Link DIR-513 routers running firmware version v1.10. Specifically, look for requests where the "curTime" parameter contains an unusually long or malformed value that could trigger a stack buffer overflow.

A practical detection method is to capture and analyze network traffic for suspicious POST requests targeting the vulnerable endpoint.

Example commands to detect such attempts include using network packet capture tools like tcpdump or Wireshark with filters for the specific URI and parameter:

- tcpdump -i <interface> -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/formLogin'
- Use a tool like curl or a custom script to send test POST requests with long "curTime" values to verify if the device is vulnerable. [1]
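
The length check described above, as an added example that is not part of the original page: a Python function that inspects one reassembled HTTP request and flags POSTs to "/goform/formLogin" whose "curTime" value is oversized or non-numeric. The 32-character threshold, the numeric-only expectation, the field name "username" and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/goform/formLogin"   # endpoint named in the advisory
MAX_CURTIME_LEN = 32                # assumed threshold, tune per environment


def inspect_request(raw: bytes):
    """Return a finding string for a suspicious request, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.decode("latin-1").split("\r\n")[0].split(" ")
    if len(parts) != 3:
        return None                 # not a parseable request line
    method, target, _version = parts
    url = urlsplit(target)
    if method.upper() != "POST" or url.path.rstrip("/") != TARGET_PATH:
        return None
    # Collect curTime from the form body and the query string. parse_qs
    # percent-decodes, so the decoded length is what gets measured.
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    for key, values in parse_qs(url.query, keep_blank_values=True).items():
        fields.setdefault(key, []).extend(values)
    for value in fields.get("curTime", []):
        if len(value) > MAX_CURTIME_LEN:
            return f"curTime length {len(value)} exceeds {MAX_CURTIME_LEN}"
        if not value.isdigit():     # assumption: legitimate values are digits
            return "curTime is not purely numeric"
    return None


def build_request(body: str, target: str = TARGET_PATH) -> bytes:
    """Build a constructed sample request (not captured traffic)."""
    return (f"POST {target} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


# Constructed samples; field names other than curTime are hypothetical.
SAMPLES = {
    "normal": build_request("username=admin&curTime=1741046400123"),
    "oversized": build_request("username=admin&curTime=" + "A" * 300),
    "encoded": build_request("curTime=" + "%41" * 100),
    "other_path": build_request("curTime=" + "A" * 300, "/goform/other"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", inspect_request(raw))
```

The function expects a complete request, so feed it output from a proxy log or a stream reassembler rather than individual packets.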

Mitigation Strategies

Immediate mitigation steps include restricting access to the affected device's management interface to trusted networks only, such as limiting access via firewall rules or network segmentation.

Avoid exposing the router's web management interface to untrusted networks or the internet.

If possible, update the device firmware to a version that addresses this vulnerability. If no patch is available, consider disabling the vulnerable service or replacing the device. [1]
