CVE-2025-10792 is a high-severity buffer overflow vulnerability identified in the D-Link DIR-513 router, specifically affecting the firmware version A1FW110. The vulnerability resides in an unspecified function within the /goform/formWPS endpoint, which handles arguments related to the router's WPS (Wi-Fi Protected Setup) functionality. By manipulating the webpage argument sent to this endpoint, an attacker can trigger a buffer overflow condition. This type of vulnerability can lead to arbitrary code execution, denial of service, or system compromise. The attack vector is remote network access, meaning an attacker does not require physical access or user interaction to exploit the flaw. The CVSS 4.0 base score is 8.7, reflecting a high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges or user interaction required. Notably, the affected product is no longer supported by D-Link, and no official patches or mitigations have been released. Although no known exploits are currently observed in the wild, the public disclosure of the vulnerability increases the risk of exploitation by threat actors. The lack of vendor support and patch availability significantly raises the threat level for users of this device, as they remain exposed to potential attacks without official remediation options.

For European organizations, the impact of this vulnerability depends largely on the presence of the affected D-Link DIR-513 devices within their network infrastructure. Given that the device is an older model and no longer supported, it is more likely to be found in legacy or less frequently updated environments, such as small offices, home offices, or remote sites. Exploitation could allow attackers to gain unauthorized control over the router, enabling interception or manipulation of network traffic, lateral movement within the network, or disruption of internet connectivity. This could lead to data breaches, loss of service, or use of the compromised device as a foothold for further attacks. The remote exploitability and high severity score mean that even organizations with limited security monitoring could be at risk. Additionally, the absence of patches means organizations must rely on alternative mitigation strategies. The potential impact is heightened in sectors where network availability and data confidentiality are critical, such as finance, healthcare, and government agencies in Europe.

Since no official patches are available for this vulnerability due to the end-of-life status of the product, European organizations should prioritize the following specific mitigation steps: 1) Immediate identification and inventory of all D-Link DIR-513 devices running firmware A1FW110 within the network. 2) Segmentation or isolation of these devices from critical network segments to limit potential lateral movement if compromised. 3) Disable the WPS feature entirely on affected devices, if possible, to reduce the attack surface related to the vulnerable endpoint. 4) Replace the affected routers with currently supported models that receive regular security updates, prioritizing this replacement in critical or sensitive environments. 5) Implement network-level protections such as intrusion detection/prevention systems (IDS/IPS) configured to detect anomalous traffic patterns targeting /goform/formWPS or signs of buffer overflow exploitation attempts. 6) Monitor network traffic and device logs for unusual activity indicative of exploitation attempts. 7) Educate IT staff about the risks associated with unsupported network hardware and the importance of timely hardware lifecycle management. These targeted actions go beyond generic advice by focusing on compensating controls and proactive device management in the absence of vendor patches.