CVE-2025-70237
Stack Buffer Overflow in D-Link DIR-513 Port Setting Module
Publication date: 2026-03-03
Last updated on: 2026-03-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | 1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70237 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router, specifically in firmware version v1.10. It occurs in the component handling the endpoint goform/formSetPortTr, where the curTime parameter is improperly processed.
The overflow happens due to unsafe use of the sprintf function when handling the curTime input, which can lead to memory corruption on the stack.
An attacker can exploit this by sending a crafted HTTP POST request with an excessively long curTime parameter value, triggering the buffer overflow condition.
How can this vulnerability impact me? :
This vulnerability could allow an attacker to execute arbitrary code on the affected router or cause a denial of service by exploiting the stack buffer overflow.
Successful exploitation may lead to unauthorized control over the device, disruption of network services, or compromise of network security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious HTTP POST requests targeting the endpoint `/goform/formSetMACFilter` or `/goform/formSetPortTr` on the D-Link DIR-513 router. Specifically, look for requests containing an excessively long `curTime` parameter value, which is used to trigger the stack buffer overflow.'}, {'type': 'paragraph', 'content': 'A practical detection method involves capturing network traffic and searching for POST requests with unusually large `curTime` parameter values.'}, {'type': 'list_item', 'content': 'Use a network packet capture tool like tcpdump or Wireshark to capture HTTP traffic to the router.'}, {'type': 'list_item', 'content': "Run a command such as: `tcpdump -A -s 0 'tcp port 80 and (((ip dst <router_ip>) and (tcp[32:4] = 0x504f5354)) or (tcp[((tcp[12]&0xf0)>>2):4] = 0x504f5354))'` to capture HTTP POST requests to the router."}, {'type': 'list_item', 'content': "Use grep or similar tools to filter captured traffic for the `curTime` parameter with unusually long values, for example: `grep -i 'curTime=' captured_traffic.txt | awk 'length($0) > 100'`."}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the vulnerable router's management interface to trusted networks only, such as limiting access to local LAN or specific IP addresses."}, {'type': 'paragraph', 'content': "Avoid exposing the router's HTTP management interface to the internet to reduce the risk of exploitation."}, {'type': 'paragraph', 'content': 'Monitor network traffic for suspicious POST requests targeting `/goform/formSetMACFilter` or `/goform/formSetPortTr` with large `curTime` parameters and block or alert on such traffic.'}, {'type': 'paragraph', 'content': 'Check for firmware updates from D-Link addressing this vulnerability and apply them as soon as they become available.'}] [1]