CVE-2025-70236
Stack Buffer Overflow in D-Link DIR-513 Domain Filter Module
Publication date: 2026-03-03
Last updated on: 2026-03-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | 1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70236 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router, specifically in firmware version v1.10. The issue occurs in the component handling the endpoint goform/formSetDomainFilter, where the curTime parameter is improperly processed.
The vulnerability arises due to unsafe use of the sprintf function when handling the curTime input, which can lead to memory corruption on the stack.
An attacker can exploit this by sending an excessively long string in the curTime parameter via an HTTP POST request to the /goform/formSetDomainFilter endpoint, causing the buffer overflow.
How can this vulnerability impact me? :
This vulnerability could allow an attacker to execute arbitrary code on the affected device or cause a denial of service (DoS).
Exploitation of this flaw could lead to unauthorized control over the router, potentially disrupting network services or compromising network security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring HTTP POST requests to the endpoint /goform/formSetDomainFilter on the D-Link DIR-513 router firmware v1.10.'}, {'type': 'paragraph', 'content': 'Specifically, detection involves checking for unusually long or malformed values in the curTime parameter, which is exploited to trigger the stack buffer overflow.'}, {'type': 'paragraph', 'content': 'A practical approach is to capture network traffic and filter for POST requests targeting /goform/formSetDomainFilter, then inspect the curTime parameter length.'}, {'type': 'list_item', 'content': 'Use a network packet capture tool like tcpdump or Wireshark to capture HTTP POST requests to the vulnerable endpoint.'}, {'type': 'list_item', 'content': "Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /goform/formSetDomainFilter'"}, {'type': 'list_item', 'content': 'Analyze captured HTTP POST data for the curTime parameter with abnormally long strings.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include restricting access to the vulnerable endpoint and preventing exploitation attempts.'}, {'type': 'list_item', 'content': 'Block or filter HTTP POST requests to /goform/formSetDomainFilter at the network perimeter or router firewall.'}, {'type': 'list_item', 'content': "Limit access to the router's management interface to trusted IP addresses only."}, {'type': 'list_item', 'content': 'Monitor network traffic for suspicious POST requests with unusually long curTime parameter values.'}, {'type': 'paragraph', 'content': 'Since this vulnerability is due to unsafe handling of input in firmware version v1.10, check for and apply any available firmware updates or patches from D-Link.'}] [1]