CVE-2026-5024
Stack-Based Buffer Overflow in D-Link DIR-513 Remote Form Handler
Publication date: 2026-03-29
Last updated on: 2026-03-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-513_firmware | 1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5024 is a stack-based buffer overflow vulnerability found in the D-Link DIR-513 router firmware version 1.10. It occurs in the embedded web server component called "boa," specifically in the formSetEmail function. This function processes a user-supplied parameter named config.smtp_email_subject, which is copied into a buffer using the sprintf function without proper bounds checking. As a result, an attacker can send a crafted HTTP POST request with an excessively long config.smtp_email_subject value to the /goform/formSetEmail endpoint, causing the stack buffer to overflow.
This vulnerability can be exploited remotely by sending a specially crafted request, potentially allowing denial of service or remote code execution on the affected device.
How can this vulnerability impact me? :
Exploiting this vulnerability can lead to a denial of service or remote code execution on the affected D-Link DIR-513 router. This means an attacker could disrupt the normal operation of the device or gain control over it remotely, potentially compromising the security and availability of your network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP POST requests sent to the /goform/formSetEmail endpoint containing an unusually long or crafted config.smtp_email_subject parameter. Such requests may indicate attempts to exploit the stack-based buffer overflow.
A practical detection method is to capture and analyze network traffic targeting the D-Link DIR-513 router's web server, specifically looking for POST requests with large payloads in the config.smtp_email_subject field.
Example commands to detect potential exploitation attempts include using tools like tcpdump or tshark to filter HTTP POST requests to the vulnerable endpoint:
- tcpdump -i <interface> -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/formSetEmail'
- tshark -i <interface> -Y 'http.request.method == "POST" and http.request.uri contains "/goform/formSetEmail"' -T fields -e http.file_data
Inspect the captured POST data for abnormally long or suspicious values in the config.smtp_email_subject parameter, which could indicate an exploit attempt.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable device's web interface to trusted networks only, such as by using firewall rules or network segmentation.
Since the affected D-Link DIR-513 firmware version 1.10 is no longer supported by the maintainer, no official patches are available. Therefore, consider disabling remote management features or the embedded web server if possible.
Monitor network traffic for suspicious POST requests to /goform/formSetEmail and block or alert on such activity.
Ultimately, replacing the vulnerable device with a supported model that receives security updates is recommended to fully mitigate the risk.