CVE-2025-70232
Stack Buffer Overflow in D-Link DIR-513 MAC Filter Module
Publication date: 2026-03-05
Last updated on: 2026-03-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | 1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70232 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router, specifically in firmware version v1.10. It occurs in the handling of an HTTP POST request to the endpoint goform/formSetMACFilter, where the curTime parameter is improperly processed.
The vulnerability arises because the code uses the unsafe sprintf function to process the curTime parameter, which allows an attacker to send an excessively long curTime value. This causes memory corruption on the stack.
Exploiting this overflow can potentially enable arbitrary code execution or cause a denial of service on the affected device.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to execute arbitrary code on your D-Link DIR-513 router or cause it to crash, resulting in denial of service.
If exploited, the attacker could gain control over the device, potentially disrupting your network connectivity or using the router as a foothold for further attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for HTTP POST requests sent to the endpoint /goform/formSetMACFilter that contain an unusually long or excessively large value in the curTime parameter.'}, {'type': 'paragraph', 'content': 'A practical detection method is to capture and analyze network traffic or logs for such POST requests with large curTime values, which indicate attempts to exploit the stack buffer overflow.'}, {'type': 'paragraph', 'content': 'For example, using command-line tools like curl or wget, you can simulate the exploit by sending a POST request with a very long curTime parameter to test if the system is vulnerable.'}, {'type': 'list_item', 'content': 'curl -X POST http://<router-ip>/goform/formSetMACFilter -H "Content-Type: application/x-www-form-urlencoded" -d "curTime=$(python3 -c \'print("A"*1000)\')"'}, {'type': 'list_item', 'content': 'Use network monitoring tools like tcpdump or Wireshark to filter HTTP POST requests to /goform/formSetMACFilter and inspect the curTime parameter length.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint /goform/formSetMACFilter to trusted users or networks only.
If possible, disable or block HTTP POST requests to this endpoint at the network firewall or router configuration level to prevent exploitation.
Monitor for suspicious POST requests with large curTime parameters and respond by blocking offending IP addresses.
Check for firmware updates or patches from the vendor that address this vulnerability and apply them as soon as they become available.