Description
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode.
Published: 2026-03-12
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Stack Buffer Overflow
Action: Patch
AI Analysis

Impact

The vulnerability is a stack buffer overflow in the D‑Link DIR‑513 firmware version 1.10, triggered by the curTime parameter sent to the goform/formSetWizardSelectMode endpoint. As a result of the out‑of‑bounds write (CWE‑121) and related buffer over‑read/write (CWE‑787), the stack can be corrupted; the description does not explicitly state the exact outcome, but such an overflow may allow an attacker to execute arbitrary code, therefore this is an inferred potential impact.

Affected Systems

Affected devices are D‑Link DIR‑513 routers running firmware version 1.10. The common platform enumeration strings reference only this model and firmware build; no other versions are listed as vulnerable based on the available data.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. The EPSS score of less than 1 % suggests a low probability that the flaw has already been exploited in the wild. This vulnerability is not included in the CISA KEV catalog. The information suggests the issue is reachable via the router’s web interface; it is inferred that an attacker can contact the goform/formSetWizardSelectMode endpoint remotely to trigger the overflow. The CVE description does not specify whether authentication is required, but it is inferred that administrative access may be necessary, though this is not confirmed by the provided data.

Generated by OpenCVE AI on March 18, 2026 at 16:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from D‑Link that addresses the buffer overflow vulnerability.
  • If no update is available, restrict or block external access to the |goform/formSetWizardSelectMode| endpoint using firewall or ACLs.
  • Disable remote management features on the router until a security fix is released.
  • Monitor router logs for suspicious or malformed requests and review security events regularly.

Generated by OpenCVE AI on March 18, 2026 at 16:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overflow in D-Link DIR-513 v1.10 via curTime Parameter

Fri, 13 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-513
Dlink dir-513 Firmware
Weaknesses CWE-787
CPEs cpe:2.3:h:dlink:dir-513:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-513_firmware:1.10:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-513
Dlink dir-513 Firmware

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-513
Vendors & Products D-link
D-link dir-513

Thu, 12 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Description Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode.
References

Subscriptions

D-link Dir-513
Dlink Dir-513 Dir-513 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-12T21:07:56.466Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-70245

cve-icon Vulnrichment

Updated: 2026-03-12T20:59:01.866Z

cve-icon NVD

Status : Modified

Published: 2026-03-12T19:16:15.803

Modified: 2026-03-13T19:53:53.807

Link: CVE-2025-70245

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:36:34Z

Weaknesses