Description
A vulnerability was found in D-Link DIR-513 1.10. It affects the function formSetEmail of the file /goform/formSetEmail. Manipulating the argument curTime results in a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-03-29
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

A stack‑based buffer overflow resides in the formSetEmail function of the D‑Link DIR‑513 firmware 1.10. By sending a crafted curTime value to the /goform/formSetEmail web endpoint, an attacker can corrupt the stack and potentially execute arbitrary code on the device. The vulnerability is explicitly described as exploitable remotely and a public exploit exists.

Affected Systems

Only D‑Link DIR‑513 units running firmware version 1.10 are affected; no other models or firmware releases are listed. These devices are no longer supported by the vendor, implying that they rely on legacy firmware with no official patch available.

Risk and Exploitability

The CVSS base score of 8.7 classifies the flaw as high severity. An EPSS score below 1% indicates a low estimated probability of exploitation in the near term, likely due to limited usage or exposure of the vulnerable firmware. The vulnerability is not listed in the CISA KEV catalog, suggesting no known active exploitation campaigns. Attackers can exploit the weakness by delivering a malicious HTTP request to the exposed web management interface; the CVSS vectors in this record list low privileges as required (PR:L).

Generated by OpenCVE AI on March 30, 2026 at 21:06 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply any available official firmware upgrade for the DIR‑513 that addresses the stack overflow, or replace the device with a newer model not affected by the flaw.
  • If no firmware patch exists, disable or remove the web management interface from the router’s configuration to prevent external access to the /goform/formSetEmail endpoint.
  • Use firewall rules to block remote access to the /goform/formSetEmail URL from outside the local network.
  • Limit the web interface to local or authenticated administrators only to reduce exposure.

Advisories

No advisories yet.

History

Mon, 30 Mar 2026 19:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dlink; Dlink dir-513; Dlink dir-513 Firmware
Weaknesses | | CWE-787
CPEs | | cpe:2.3:h:dlink:dir-513:-:*:*:*:*:*:*:*; cpe:2.3:o:dlink:dir-513_firmware:1.10:*:*:*:*:*:*:*
Vendors & Products | | Dlink; Dlink dir-513; Dlink dir-513 Firmware

Mon, 30 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 07:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | D-link; D-link dir-513
Vendors & Products | | D-link; D-link dir-513

Sun, 29 Mar 2026 04:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Title | | D-Link DIR-513 formSetEmail stack-based overflow
Weaknesses | | CWE-119; CWE-121
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-30T15:53:33.886Z

Reserved: 2026-03-27T14:29:09.375Z

Link: CVE-2026-5024

Vulnrichment

Updated: 2026-03-30T15:53:29.368Z

NVD

Status: Analyzed

Published: 2026-03-29T04:16:00.537

Modified: 2026-03-30T19:00:46.603

Link: CVE-2026-5024

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:00:33Z

Weaknesses