Description
A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-04-09
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is a buffer overflow in the formSetMACFilter function of the POST Request Handler on the D-Link DIR-605L router. Manipulating the curTime argument causes the buffer to overflow, allowing a remote attacker to write arbitrary data and potentially execute malicious code. The flaw is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input, the classic buffer overflow). Because the exploit is published and can be triggered remotely, it threatens the confidentiality, integrity, and availability of the device and any network traffic it manages.

Affected Systems

Affected devices include the D-Link DIR-605L router running firmware version 2.13B01. This firmware is no longer maintained or supported by the vendor. No other affected versions are listed in the available data.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity, and the EPSS score is not available, but the existence of a published exploit and the possibility of remote attack raise the likelihood of real‑world exploitation. The vulnerability is not listed in CISA’s KEV catalog, yet its remote nature and severity warrant immediate attention. The attack vector is through an external POST request to /goform/formSetMACFilter, which an attacker can reach over the network if the router’s administrative interface is exposed.

Generated by OpenCVE AI on April 9, 2026 at 22:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to the latest supported version from D-Link.
  • If a firmware update is unavailable, block external access to the web‑based admin interface using firewall rules or by disconnecting the router from the internet.
  • Disable or restrict the MAC filter feature to eliminate use of the vulnerable formSetMACFilter path.
  • Monitor the router for abnormal activity and apply rate limiting or intrusion detection if available.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 15:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dlink; Dlink dir-605l; Dlink dir-605l Firmware |
| CPEs | | `cpe:2.3:h:dlink:dir-605l:-:*:*:*:*:*:*:*`; `cpe:2.3:o:dlink:dir-605l_firmware:2.13b01:*:*:*:*:*:*:*` |
| Vendors & Products | | Dlink; Dlink dir-605l; Dlink dir-605l Firmware |

Fri, 10 Apr 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |

Fri, 10 Apr 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | D-link; D-link dir-605l |
| Vendors & Products | | D-link; D-link dir-605l |

Thu, 09 Apr 2026 21:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |
| Title | | D-Link DIR-605L POST Request formSetMACFilter buffer overflow |
| Weaknesses | | CWE-119; CWE-120 |
| References | | |
| Metrics | | cvssV2_0: `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` |
| | | cvssV3_0: `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` |
| | | cvssV3_1: `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` |
| | | cvssV4_0: `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}` |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-10T14:05:53.814Z

Reserved: 2026-04-09T12:18:20.626Z

Link: CVE-2026-5980

Vulnrichment

Updated: 2026-04-10T14:05:48.653Z

NVD

Status: Analyzed

Published: 2026-04-09T21:16:14.223

Modified: 2026-04-30T15:33:30.243

Link: CVE-2026-5980

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:29:08Z