CVE-2025-70230
Stack Buffer Overflow in D-Link DIR-513 DDNS Function
Publication date: 2026-03-05
Last updated on: 2026-03-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | 1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70230 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router, specifically in firmware version 1.10. The vulnerability exists in the component handling the endpoint goform/formSetDDNS, where the curTime parameter is improperly processed.
The issue arises due to unsafe use of the sprintf function, which allows an attacker to overflow the stack buffer by sending an excessively long string in the curTime parameter.
An attacker can exploit this by sending a crafted HTTP POST request with a very large payload in the curTime field, causing the buffer overflow.
How can this vulnerability impact me? :
This vulnerability can lead to arbitrary code execution or denial of service on the affected D-Link DIR-513 device.
An attacker exploiting this flaw could potentially take control of the router or cause it to crash, disrupting network connectivity and security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious HTTP POST requests targeting the endpoint /goform/formSetDDNS or /goform/formSchedule on D-Link DIR-513 routers running firmware version 1.10.'}, {'type': 'paragraph', 'content': 'Specifically, detection involves identifying POST requests with an excessively long or malformed curTime parameter, which is used to trigger the stack buffer overflow.'}, {'type': 'list_item', 'content': 'Use network traffic analysis tools like tcpdump or Wireshark to capture HTTP POST requests to /goform/formSetDDNS or /goform/formSchedule.'}, {'type': 'list_item', 'content': "Example tcpdump command to capture relevant HTTP POST requests: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i 'POST /goform/formSetDDNS'"}, {'type': 'list_item', 'content': 'Inspect captured requests for unusually large or suspicious curTime parameter values in the POST data.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the affected router's management interface to trusted networks only, such as limiting access via firewall rules or network segmentation."}, {'type': 'paragraph', 'content': 'Additionally, monitor and block HTTP POST requests to the /goform/formSetDDNS and /goform/formSchedule endpoints that contain unusually large curTime parameter values.'}, {'type': 'paragraph', 'content': 'If possible, disable remote management features on the router to reduce exposure.'}, {'type': 'paragraph', 'content': 'Finally, check for firmware updates or patches from D-Link addressing this vulnerability and apply them as soon as they become available.'}] [1]