CVE-2025-70242: n/a
CVE-2025-70242 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router firmware version 1. 10. The flaw is triggered via the webPage parameter in the goform/formSetWanPPTP endpoint. This vulnerability allows remote attackers to cause a denial of service by crashing the device, as it leads to an overflow in the stack memory. No authentication or user interaction is required to exploit this vulnerability, and it can be triggered over the network. Although no known exploits are currently in the wild, the vulnerability has a high CVSS score of 7. 5 due to its ease of exploitation and impact on availability. There is no patch currently available, increasing the risk for affected users. Organizations using this router model should prioritize mitigation to prevent potential service disruptions. The vulnerability is classified under CWE-121, indicating a classic stack-based buffer overflow issue.
AI Analysis
Technical Summary
CVE-2025-70242 is a high-severity stack buffer overflow vulnerability affecting the D-Link DIR-513 router, specifically firmware version 1.10. The vulnerability arises from improper handling of the webPage parameter in the goform/formSetWanPPTP HTTP endpoint, which is part of the router's web management interface. When a specially crafted request is sent to this endpoint, the input data overflows a fixed-size stack buffer, corrupting adjacent memory. This can cause the router to crash, resulting in a denial of service (DoS) condition. The vulnerability does not require any authentication or user interaction, making it remotely exploitable by any attacker with network access to the device's management interface. The CVSS v3.1 score is 7.5 (High), reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, and an impact limited to availability (no confidentiality or integrity impact). The vulnerability is categorized under CWE-121, which is a common weakness related to stack-based buffer overflows. No patches or fixes have been published yet, and no known exploits have been observed in the wild. However, given the device's exposure and the ease of exploitation, this vulnerability poses a significant risk to affected deployments.
Potential Impact
The primary impact of CVE-2025-70242 is a denial of service condition on affected D-Link DIR-513 routers. Exploitation causes the device to crash or reboot, disrupting network connectivity and potentially causing downtime for users or organizations relying on these routers for internet access or internal network routing. This can affect both home users and small businesses that use this model. While the vulnerability does not directly compromise confidentiality or integrity, the loss of availability can have cascading effects, such as interrupting business operations, remote work, or critical communications. In environments where these routers serve as gateways or VPN endpoints, the disruption could also impact remote access capabilities. The lack of authentication requirement and ease of exploitation increase the likelihood of attacks, especially in scenarios where the router's management interface is exposed to untrusted networks. The absence of a patch further elevates the risk until mitigations are applied.
Mitigation Recommendations
Given the absence of an official patch, organizations should implement the following mitigations: 1) Restrict access to the router's management interface by limiting it to trusted internal networks only, using firewall rules or network segmentation to block external access. 2) Disable remote management features if not required, especially those exposing the goform/formSetWanPPTP endpoint. 3) Monitor network traffic for unusual or malformed HTTP requests targeting the router's management interface, which may indicate exploitation attempts. 4) Consider replacing affected devices with updated models or alternative routers that receive regular security updates. 5) If possible, implement network-level intrusion prevention systems (IPS) with signatures to detect and block attempts to exploit this specific buffer overflow. 6) Maintain an inventory of affected devices to ensure timely response when patches become available. 7) Educate users and administrators about the risk and encourage prompt reporting of connectivity issues that may indicate exploitation.
Affected Countries
United States, Germany, United Kingdom, France, Canada, Australia, India, Brazil, Japan, South Korea
CVE-2025-70242: n/a
Description
CVE-2025-70242 is a stack buffer overflow vulnerability found in the D-Link DIR-513 router firmware version 1. 10. The flaw is triggered via the webPage parameter in the goform/formSetWanPPTP endpoint. This vulnerability allows remote attackers to cause a denial of service by crashing the device, as it leads to an overflow in the stack memory. No authentication or user interaction is required to exploit this vulnerability, and it can be triggered over the network. Although no known exploits are currently in the wild, the vulnerability has a high CVSS score of 7. 5 due to its ease of exploitation and impact on availability. There is no patch currently available, increasing the risk for affected users. Organizations using this router model should prioritize mitigation to prevent potential service disruptions. The vulnerability is classified under CWE-121, indicating a classic stack-based buffer overflow issue.
AI-Powered Analysis
Technical Analysis
CVE-2025-70242 is a high-severity stack buffer overflow vulnerability affecting the D-Link DIR-513 router, specifically firmware version 1.10. The vulnerability arises from improper handling of the webPage parameter in the goform/formSetWanPPTP HTTP endpoint, which is part of the router's web management interface. When a specially crafted request is sent to this endpoint, the input data overflows a fixed-size stack buffer, corrupting adjacent memory. This can cause the router to crash, resulting in a denial of service (DoS) condition. The vulnerability does not require any authentication or user interaction, making it remotely exploitable by any attacker with network access to the device's management interface. The CVSS v3.1 score is 7.5 (High), reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, and an impact limited to availability (no confidentiality or integrity impact). The vulnerability is categorized under CWE-121, which is a common weakness related to stack-based buffer overflows. No patches or fixes have been published yet, and no known exploits have been observed in the wild. However, given the device's exposure and the ease of exploitation, this vulnerability poses a significant risk to affected deployments.
Potential Impact
The primary impact of CVE-2025-70242 is a denial of service condition on affected D-Link DIR-513 routers. Exploitation causes the device to crash or reboot, disrupting network connectivity and potentially causing downtime for users or organizations relying on these routers for internet access or internal network routing. This can affect both home users and small businesses that use this model. While the vulnerability does not directly compromise confidentiality or integrity, the loss of availability can have cascading effects, such as interrupting business operations, remote work, or critical communications. In environments where these routers serve as gateways or VPN endpoints, the disruption could also impact remote access capabilities. The lack of authentication requirement and ease of exploitation increase the likelihood of attacks, especially in scenarios where the router's management interface is exposed to untrusted networks. The absence of a patch further elevates the risk until mitigations are applied.
Mitigation Recommendations
Given the absence of an official patch, organizations should implement the following mitigations: 1) Restrict access to the router's management interface by limiting it to trusted internal networks only, using firewall rules or network segmentation to block external access. 2) Disable remote management features if not required, especially those exposing the goform/formSetWanPPTP endpoint. 3) Monitor network traffic for unusual or malformed HTTP requests targeting the router's management interface, which may indicate exploitation attempts. 4) Consider replacing affected devices with updated models or alternative routers that receive regular security updates. 5) If possible, implement network-level intrusion prevention systems (IPS) with signatures to detect and block attempts to exploit this specific buffer overflow. 6) Maintain an inventory of affected devices to ensure timely response when patches become available. 7) Educate users and administrators about the risk and encourage prompt reporting of connectivity issues that may indicate exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-01-09T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69b0864c2f860ef943bbb07a
Added to database: 3/10/2026, 8:59:56 PM
Last enriched: 3/10/2026, 9:14:25 PM
Last updated: 3/10/2026, 11:31:23 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.