CVE-2025-70243
Stack Buffer Overflow in D-Link DIR-513 WAN Wizard Module
Publication date: 2026-03-09
Last updated on: 2026-03-11
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | 1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70243 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router, specifically in firmware version v1.10. The vulnerability exists in the component handling the endpoint goform/formSetWAN_Wizard534, where the curTime parameter is improperly processed.
The overflow occurs due to unsafe usage of the sprintf function in the code path goform/formSetWAN_Wizard534.curTime=>v3=>sprintf, allowing an attacker to send an excessively long curTime value via a POST request to /goform/formSetWAN_Wizard534.
This can lead to memory corruption on the stack, potentially enabling arbitrary code execution or denial of service.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to cause memory corruption on the device running the vulnerable firmware.
- Arbitrary code execution: An attacker could execute malicious code on the router.
- Denial of service: The router could crash or become unresponsive due to the overflow.
Such impacts could compromise the security and availability of your network device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for POST requests to the endpoint /goform/formSetWAN_Wizard534 that contain an unusually long curTime parameter.'}, {'type': 'paragraph', 'content': 'A practical detection method is to capture network traffic and filter for such POST requests with oversized curTime values, which may indicate an attempt to exploit the stack buffer overflow.'}, {'type': 'list_item', 'content': 'Use a network packet capture tool like tcpdump or Wireshark to monitor traffic to the router.'}, {'type': 'list_item', 'content': "Example tcpdump command to capture relevant HTTP POST requests: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /goform/formSetWAN_Wizard534'"}, {'type': 'list_item', 'content': 'Alternatively, use curl or similar tools to test the endpoint by sending a POST request with a very long curTime parameter to check if the device responds abnormally.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the vulnerable endpoint and avoiding exposure of the router's management interface to untrusted networks."}, {'type': 'paragraph', 'content': 'Since the vulnerability arises from unsafe handling of the curTime parameter in firmware version v1.10, updating the router firmware to a patched version (if available) is the most effective mitigation.'}, {'type': 'paragraph', 'content': 'If a firmware update is not available, consider disabling remote management or placing the device behind a firewall to limit access.'}, {'type': 'paragraph', 'content': 'Monitoring for suspicious POST requests to /goform/formSetWAN_Wizard534 and blocking them can also help reduce risk.'}] [1]