CVE-2025-70241
Stack Buffer Overflow in D-Link DIR-513 WAN Setup Module
Publication date: 2026-03-03
Last updated on: 2026-03-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | 1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70241 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router, specifically in firmware version 1.10. The vulnerability exists in the component handling the endpoint goform/formSetWANType_Wizard5 and is triggered via the curTime parameter.
The overflow occurs because the input provided in the curTime parameter is not properly limited when processed by a sprintf operation, allowing an attacker to overflow the stack buffer.
An attacker can exploit this by sending a specially crafted HTTP POST request with a large payload in the curTime parameter to the vulnerable endpoint, which can cause the device to crash or potentially allow execution of arbitrary code.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing remote attackers to cause a denial of service by crashing the D-Link DIR-513 router or potentially execute arbitrary code on the device.
Exploitation could lead to loss of device availability or unauthorized control over the router, which may compromise the security and functionality of your network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending a crafted HTTP POST request to the vulnerable endpoint on the D-Link DIR-513 router. Specifically, the endpoint is `/goform/formSetWANType_Wizard5` and the exploit is triggered via the `curTime` parameter.'}, {'type': 'paragraph', 'content': "A detection method involves sending a POST request with a large payload in the `curTime` parameter and observing the device's response or behavior for signs of buffer overflow or crash."}, {'type': 'paragraph', 'content': 'An example command using curl to test for the vulnerability could be:'}, {'type': 'list_item', 'content': 'curl -X POST http://[router_ip]/goform/formSetWANType_Wizard5 -d "curTime=$(python3 -c \'print("A"*1000)\')"'}, {'type': 'paragraph', 'content': 'Replace `[router_ip]` with the IP address of the target router. Sending this request with a large string in `curTime` may cause the device to crash or behave abnormally if vulnerable.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include avoiding exposure of the vulnerable D-Link DIR-513 router to untrusted networks, especially the internet.'}, {'type': 'paragraph', 'content': "Restrict access to the router's management interface to trusted hosts only, using firewall rules or network segmentation."}, {'type': 'paragraph', 'content': 'Monitor the device for unusual behavior or crashes that may indicate exploitation attempts.'}, {'type': 'paragraph', 'content': 'If available, update the router firmware to a version that patches this vulnerability. Since the vulnerability is in firmware version 1.10, check with D-Link for any security updates or advisories.'}, {'type': 'paragraph', 'content': 'As a temporary workaround, disable or restrict access to the `/goform/formSetWANType_Wizard5` endpoint if possible.'}] [1]