CVE-2026-3978 - Vulnerability Details

Description

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.

Published: 2026-03-12

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability lies in the D-Link DIR‑513 firmware 1.10, specifically within the /goform/formEasySetupWizard3 endpoint. Manipulating the wan_connected argument triggers a stack‑based buffer overflow, which can allow an attacker to execute arbitrary code. This type of flaw is classified under CWE‑119 (Buffer Overflow) and CWE‑121 (Stack-Based Buffer Overflow). The direct effect is the compromise of confidentiality, integrity and availability of the device, potentially giving an attacker full control over the router.

Affected Systems

The affected system is the D‑Link DIR‑513 router running firmware version 1.10. The product is identified by the CPE strings "cpe:2.3:h:dlink:dir‑513:-:*:*:*:*:*:*:*" and "cpe:2.3:o:dlink:dir‑513_firmware:1.10:*:*:*:*:*:*:". Only this firmware build is listed as vulnerable.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity, and the EPSS score of less than 1% suggests a low likelihood of widespread exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, the exploit can be launched remotely via the /goform/formEasySetupWizard3 interface, implying a remote attack vector. Attackers would need network access to the router’s management interface to send a crafted WAN-connected request, leading to a stack-based buffer overflow and remote code execution.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

D-Link

DIR-513

affected

Version	Status	Constraints
`1.10`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-513_firmware:1.10:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-513:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

D-link

Dir-513

100%

Version	Status	Scheme	Platform
`1.10`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check the current firmware version of the D‑Link DIR‑513 router.
Visit the official D‑Link website or trusted security advisories for any firmware updates or advisories related to CVE‑2026‑3978.
If an updated firmware version is available, perform a firmware upgrade following D‑Link’s instructions.
If no patch is available, restrict remote access to the router’s management interface (for example, disable WAN access to the /goform endpoint).
Continuously monitor router logs for any suspicious activity or attempted exploitation attempts.

Generated by OpenCVE AI on March 17, 2026 at 16:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00044.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/Litengzheng/vul_db/blob/main/Dir513/vul_21/README.md
https://vuldb.com/?ctiid.350413
https://vuldb.com/?id.350413
https://vuldb.com/?submit.769586
https://www.dlink.com/

History

Mon, 16 Mar 2026 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dlink Dlink dir-513 Dlink dir-513 Firmware
CPEs		cpe:2.3:h:dlink:dir-513:-:::::::* cpe:2.3:o:dlink:dir-513_firmware:1.10:::::::*
Vendors & Products		Dlink Dlink dir-513 Dlink dir-513 Firmware

Fri, 13 Mar 2026 10:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		D-link D-link dir-513
Vendors & Products		D-link D-link dir-513

Thu, 12 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 12 Mar 2026 03:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
Title		D-Link DIR-513 formEasySetupWizard3 stack-based overflow
Weaknesses		CWE-119 CWE-121
References		https://github.com/Litengzheng/vul_db/blob/main/Dir513/vul_21/README.md https://vuldb.com/?ctiid.350413 https://vuldb.com/?id.350413 https://vuldb.com/?submit.769586 https://www.dlink.com/
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

D-link Dir-513

Dlink Dir-513 Dir-513 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-12T03:32:10.044Z

Updated: 2026-03-12T16:17:30.987Z

Reserved: 2026-03-11T14:22:33.402Z

Link: CVE-2026-3978

Vulnrichment

Updated: 2026-03-12T13:45:54.256Z

NVD

Status : Analyzed

Published: 2026-03-12T04:16:40.173

Modified: 2026-03-16T17:59:57.417

Link: CVE-2026-3978

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:36:07Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object