CVE-2025-70250
Stack Buffer Overflow in D-Link DIR-513 via curTime Parameter
Publication date: 2026-03-09
Last updated on: 2026-03-11
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | 1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70250 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router, specifically in firmware version v1.10. The vulnerability occurs in the handling of an HTTP POST request to the endpoint goform/formdumpeasysetup, where the curTime parameter is processed without proper bounds checking.
The curTime parameter is passed to a sprintf function without adequate validation, which can cause a stack buffer overflow when an excessively long value is sent. This overflow can be exploited by an attacker to potentially execute arbitrary code or cause the device to crash.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to execute arbitrary code on your D-Link DIR-513 router or cause a denial of service condition.
Exploitation could lead to unauthorized control over the device, disruption of network services, or compromise of network security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring HTTP POST requests sent to the endpoint goform/formdumpeasysetup on D-Link DIR-513 routers running firmware version v1.10.'}, {'type': 'paragraph', 'content': 'Specifically, detection involves checking for unusually long or malformed curTime parameter values in POST requests, which are indicative of attempts to exploit the stack buffer overflow.'}, {'type': 'paragraph', 'content': 'A practical approach is to capture network traffic targeting the router and filter for POST requests to the vulnerable endpoint.'}, {'type': 'list_item', 'content': 'Use a network packet capture tool like tcpdump or Wireshark to monitor traffic.'}, {'type': 'list_item', 'content': "Example tcpdump command to capture relevant HTTP POST requests: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /goform/formdumpeasysetup'"}, {'type': 'list_item', 'content': 'Inspect captured POST requests for the curTime parameter with abnormally long values.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint and preventing exploitation attempts.
- Block or filter HTTP POST requests to the endpoint goform/formdumpeasysetup on the affected D-Link DIR-513 router.
- Implement network-level access controls to limit management interface access to trusted hosts only.
- Monitor network traffic for suspicious POST requests with unusually long curTime parameters and block such traffic.
Since no official patch or CVSS score is provided, consider isolating the device from untrusted networks until a firmware update or vendor fix is available.