CVE-2025-70225
Stack Buffer Overflow in D-Link DIR-513 goform Component
Publication date: 2026-03-04
Last updated on: 2026-03-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | 1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability could potentially allow an attacker to execute arbitrary code on the affected device or cause a denial of service (DoS).
Exploitation of this flaw could lead to unauthorized control over the router or disruption of its normal operation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2025-70225 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router, specifically in firmware version v1.10. The vulnerability exists in the component that handles HTTP POST requests to the endpoint goform/formEasySetupWWConfig, particularly via the curtime parameter.
The issue occurs because the curtime parameter is processed using the sprintf function without proper bounds checking, which leads to a stack buffer overflow when an excessively long string is sent.
A proof-of-concept demonstrates that sending a very long string in the curtime parameter within a POST request to /goform/formEasySetupWWConfig triggers this overflow.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint /goform/formEasySetupWWConfig on the D-Link DIR-513 router, specifically targeting the curtime parameter with an excessively long string. Monitoring for such unusual POST requests or attempts to exploit the curtime parameter can help identify the presence of this vulnerability.'}, {'type': 'paragraph', 'content': 'A possible detection command using curl could be:'}, {'type': 'list_item', 'content': 'curl -X POST http://<router-ip>/goform/formEasySetupWWConfig -d "curtime=$(python3 -c \'print("A"*1000)\')"'}, {'type': 'paragraph', 'content': 'This command sends a POST request with a very long string in the curtime parameter, which can be used to test if the device is vulnerable by observing its response or behavior.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
I don't know