CVE-2025-70232
Undergoing Analysis Undergoing Analysis - In Progress
Stack Buffer Overflow in D-Link DIR-513 MAC Filter Module

Publication date: 2026-03-05

Last updated on: 2026-03-06

Assigner: MITRE

Description
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-70232
EUVD
EUVD-2025-208319
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dlink dir-513_firmware 1.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-70232 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router, specifically in firmware version v1.10. It occurs in the handling of an HTTP POST request to the endpoint goform/formSetMACFilter, where the curTime parameter is improperly processed.

The vulnerability arises because the code uses the unsafe sprintf function to process the curTime parameter, which allows an attacker to send an excessively long curTime value. This causes memory corruption on the stack.

Exploiting this overflow can potentially enable arbitrary code execution or cause a denial of service on the affected device.

Impact Analysis

This vulnerability can impact you by allowing an attacker to execute arbitrary code on your D-Link DIR-513 router or cause it to crash, resulting in denial of service.

If exploited, the attacker could gain control over the device, potentially disrupting your network connectivity or using the router as a foothold for further attacks.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for HTTP POST requests sent to the endpoint /goform/formSetMACFilter that contain an unusually long or excessively large value in the curTime parameter.'}, {'type': 'paragraph', 'content': 'A practical detection method is to capture and analyze network traffic or logs for such POST requests with large curTime values, which indicate attempts to exploit the stack buffer overflow.'}, {'type': 'paragraph', 'content': 'For example, using command-line tools like curl or wget, you can simulate the exploit by sending a POST request with a very long curTime parameter to test if the system is vulnerable.'}, {'type': 'list_item', 'content': 'curl -X POST http://<router-ip>/goform/formSetMACFilter -H "Content-Type: application/x-www-form-urlencoded" -d "curTime=$(python3 -c \'print("A"*1000)\')"'}, {'type': 'list_item', 'content': 'Use network monitoring tools like tcpdump or Wireshark to filter HTTP POST requests to /goform/formSetMACFilter and inspect the curTime parameter length.'}] [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint /goform/formSetMACFilter to trusted users or networks only.

If possible, disable or block HTTP POST requests to this endpoint at the network firewall or router configuration level to prevent exploitation.

Monitor for suspicious POST requests with large curTime parameters and respond by blocking offending IP addresses.

Check for firmware updates or patches from the vendor that address this vulnerability and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70232. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart