Description
A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-03-22
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Stack-based Buffer Overflow
Action: Apply Patch
AI Analysis

Impact

A stack-based buffer overflow exists in the boa component’s formEasySetTimezone function of the D‑Link DIR‑513 firmware 1.10. The vulnerable argument curTime is not validated for length, allowing an attacker to overflow a stack buffer. This flaw, identified as CWE‑121 with associated memory corruption weaknesses (CWE‑119, CWE‑787), can result in arbitrary code execution or denial of service when triggered.

Affected Systems

Only the DIR‑513 model running firmware build 1.10 is affected. The statement does not mention any newer firmware releases or other D‑Link products as vulnerable.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. An EPSS estimate of less than 1% suggests that exploitation is not yet common, and the vulnerability is not listed in the CISA KEV catalog. The attack can be launched remotely by sending HTTP requests to /goform/formEasySetTimezone; a public exploit has already been released, making the risk tangible for exposed devices. It is inferred that the attacker must be able to reach the router from an external network to achieve exploitation.

Generated by OpenCVE AI on April 4, 2026 at 00:35 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update the DIR‑513 firmware to a version that contains the buffer overflow fix, if one exists from D‑Link.
  • If no newer firmware is available, block or firewall external access to the /goform/formEasySetTimezone endpoint.
  • Disable or restrict remote administration features to limit exposure.
  • Monitor device logs and network traffic for abnormal POST requests to the vulnerable endpoint.
  • Consider replacing the unsupported DIR‑513 with a newer model that is not affected by this vulnerability.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Dlink; Dlink dir-513; Dlink dir-513 Firmware |
| Weaknesses | | CWE-787 |
| CPEs | | cpe:2.3:h:dlink:dir-513:-:*:*:*:*:*:*:* |
| | | cpe:2.3:o:dlink:dir-513_firmware:1.10:*:*:*:*:*:*:* |
| Vendors & Products | | Dlink; Dlink dir-513; Dlink dir-513 Firmware |

Mon, 23 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Mon, 23 Mar 2026 10:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | D-link; D-link dir-513 |
| Vendors & Products | | D-link; D-link dir-513 |

Sun, 22 Mar 2026 17:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. |
| Title | | D-Link DIR-513 boa formEasySetTimezone memory corruption |
| Weaknesses | | CWE-119; CWE-121 |
| References | | |
| Metrics | | cvssV2_0 {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0 {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'} |
| | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'} |
| | | cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-23T15:28:12.714Z

Reserved: 2026-03-21T17:01:53.514Z

Link: CVE-2026-4555

Vulnrichment

Updated: 2026-03-23T15:28:07.405Z

NVD

Status: Analyzed

Published: 2026-03-22T17:17:09.937

Modified: 2026-04-03T19:31:00.670

Link: CVE-2026-4555

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-07T08:09:00Z