CVE-2025-70226
Stack Buffer Overflow in D-Link DIR-513 via curTime Parameter
Publication date: 2026-03-04
Last updated on: 2026-03-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | 1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70226 is a stack buffer overflow vulnerability in the D-Link DIR-513 router firmware version v1.10. It occurs in the component handling the endpoint goform/formEasySetupWizard, specifically through the curtime parameter.
The vulnerability happens because the curtime parameter is passed to a sprintf function without proper bounds checking, which allows an attacker to send an excessively long string that overflows the stack buffer.
This overflow can lead to arbitrary code execution or cause the device to crash, resulting in denial of service.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to execute arbitrary code on your D-Link DIR-513 router or cause it to crash.
Exploitation could lead to unauthorized control over the device, disruption of network services, or denial of service conditions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by sending a crafted HTTP POST request to the affected device's endpoint and observing its behavior. Specifically, the endpoint to test is /goform/formEasySetupWizard on the D-Link DIR-513 router firmware v1.10."}, {'type': 'paragraph', 'content': 'A detection method involves sending a POST request with the content type application/x-www-form-urlencoded and including an excessively long string in the curtime parameter. If the device is vulnerable, it may crash, behave unexpectedly, or show signs of buffer overflow.'}, {'type': 'paragraph', 'content': 'An example command using curl to test for the vulnerability is:'}, {'type': 'list_item', 'content': 'curl -X POST http://[router_ip]/goform/formEasySetupWizard -H "Content-Type: application/x-www-form-urlencoded" -d "curtime=$(python3 -c \'print("A"*1000)\')"'}, {'type': 'paragraph', 'content': "Replace [router_ip] with the IP address of the target device. The command sends a very long string of 'A's in the curtime parameter to trigger the overflow."}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include:'}, {'type': 'list_item', 'content': "Avoid exposing the D-Link DIR-513 router's management interface to untrusted networks, especially the internet."}, {'type': 'list_item', 'content': 'Restrict access to the /goform/formEasySetupWizard endpoint by using firewall rules or access control lists to limit who can send requests.'}, {'type': 'list_item', 'content': 'Monitor the device for unusual crashes or behavior that could indicate exploitation attempts.'}, {'type': 'list_item', 'content': 'Check for any firmware updates or patches from D-Link addressing this vulnerability and apply them as soon as they become available.'}] [1]