CVE-2025-70236 is a stack-based buffer overflow vulnerability identified in the D-Link DIR-513 router firmware version 1.10. The vulnerability arises from improper handling of the curTime parameter submitted to the goform/formSetDomainFilter endpoint, which is part of the router's web management interface. When an attacker sends a specially crafted HTTP request containing an oversized or malformed curTime parameter, it causes the router's software to write beyond the bounds of a stack buffer. This can lead to a denial of service condition by crashing the router or potentially enabling further exploitation, although no evidence currently suggests code execution or data compromise. The vulnerability is remotely exploitable over the network without requiring authentication or user interaction, increasing its risk profile. However, the impact is limited to availability (denial of service), with no direct impact on confidentiality or integrity. The CVSS v3.1 base score is 5.3, categorized as medium severity, reflecting the ease of exploitation (network vector, low attack complexity, no privileges required) but limited impact scope. No patches or mitigations have been officially released by D-Link as of the publication date. No known exploits have been observed in the wild, indicating limited active threat at this time. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow), a common and well-understood software weakness. Organizations using the affected router model should prioritize network segmentation, restrict remote management access, and monitor for firmware updates from D-Link to remediate this issue.

The primary impact of CVE-2025-70236 is denial of service against the D-Link DIR-513 router, which can disrupt network connectivity for affected users. This can lead to operational downtime, loss of internet access, and potential interruption of business-critical services relying on the router. Since the vulnerability does not affect confidentiality or integrity, data theft or manipulation is unlikely. However, denial of service on network infrastructure devices can have cascading effects, especially in small office or home office environments where this router is commonly deployed. The lack of authentication requirement and remote exploitability increases the risk of widespread scanning and exploitation attempts once public details become known. Organizations relying on this router model should be aware that attackers could cause network outages remotely, potentially as part of larger denial of service campaigns or targeted attacks. The absence of known exploits in the wild reduces immediate risk but does not eliminate the possibility of future exploitation. The medium severity rating suggests that while the threat is significant, it is not critical, but timely mitigation is recommended to maintain network availability.

1. Immediately restrict access to the router's web management interface by disabling remote management or limiting it to trusted IP addresses only. 2. Implement network segmentation to isolate the router management interface from untrusted networks, reducing exposure to external attackers. 3. Monitor network traffic for unusual or malformed HTTP requests targeting the goform/formSetDomainFilter endpoint, which may indicate exploitation attempts. 4. Regularly check for firmware updates from D-Link and apply patches promptly once available to address this vulnerability. 5. Consider replacing the affected router model with a more secure and actively supported device if firmware updates are not forthcoming. 6. Employ intrusion detection/prevention systems (IDS/IPS) with signatures that can detect buffer overflow attempts targeting this specific endpoint. 7. Educate network administrators about the vulnerability and encourage vigilance for signs of denial of service or unusual router behavior. 8. Maintain backups of router configurations to enable rapid recovery in case of disruption caused by exploitation.