CVE-2026-5024
Received Received - Intake
Stack-Based Buffer Overflow in D-Link DIR-513 Remote Form Handler

Publication date: 2026-03-29

Last updated on: 2026-03-30

Assigner: VulDB

Description
A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-29
Last Modified
2026-03-30
Generated
2026-06-16
AI Q&A
2026-03-29
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5024
EUVD
EUVD-2026-16969
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dlink dir-513_firmware 1.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5024 is a stack-based buffer overflow vulnerability found in the D-Link DIR-513 router firmware version 1.10. It occurs in the embedded web server component called "boa," specifically in the formSetEmail function. This function processes a user-supplied parameter named config.smtp_email_subject, which is copied into a buffer using the sprintf function without proper bounds checking. As a result, an attacker can send a crafted HTTP POST request with an excessively long config.smtp_email_subject value to the /goform/formSetEmail endpoint, causing the stack buffer to overflow.

This vulnerability can be exploited remotely by sending a specially crafted request, potentially allowing denial of service or remote code execution on the affected device.

Impact Analysis

Exploiting this vulnerability can lead to a denial of service or remote code execution on the affected D-Link DIR-513 router. This means an attacker could disrupt the normal operation of the device or gain control over it remotely, potentially compromising the security and availability of your network.

Detection Guidance

This vulnerability can be detected by monitoring for HTTP POST requests sent to the /goform/formSetEmail endpoint containing an unusually long or crafted config.smtp_email_subject parameter. Such requests may indicate attempts to exploit the stack-based buffer overflow.

A practical detection method is to capture and analyze network traffic targeting the D-Link DIR-513 router's web server, specifically looking for POST requests with large payloads in the config.smtp_email_subject field.

Example commands to detect potential exploitation attempts include using tools like tcpdump or tshark to filter HTTP POST requests to the vulnerable endpoint:

  • tcpdump -i <interface> -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/formSetEmail'
  • tshark -i <interface> -Y 'http.request.method == "POST" and http.request.uri contains "/goform/formSetEmail"' -T fields -e http.file_data

Inspect the captured POST data for abnormally long or suspicious values in the config.smtp_email_subject parameter, which could indicate an exploit attempt.

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable device's web interface to trusted networks only, such as by using firewall rules or network segmentation.

Since the affected D-Link DIR-513 firmware version 1.10 is no longer supported by the maintainer, no official patches are available. Therefore, consider disabling remote management features or the embedded web server if possible.

Monitor network traffic for suspicious POST requests to /goform/formSetEmail and block or alert on such activity.

Ultimately, replacing the vulnerable device with a supported model that receives security updates is recommended to fully mitigate the risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5024. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart