CVE-2025-7910: Stack-based Buffer Overflow in D-Link DIR-513
A vulnerability classified as critical has been found in D-Link DIR-513 1.10. It affects the function sprintf in the file /goform/formSetWanNonLogin of the Boa Webserver component. Manipulating the argument curTime leads to a stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
CVE-2025-7910 is a critical security vulnerability identified in the D-Link DIR-513 router, specifically version 1.10. The flaw resides in the Boa Webserver component, within the /goform/formSetWanNonLogin endpoint, where the sprintf function improperly handles the 'curTime' argument. This improper handling leads to a stack-based buffer overflow, a condition where more data is written to a buffer than it can hold, overwriting adjacent memory. This vulnerability is exploitable remotely without requiring user interaction or authentication, making it highly dangerous. An attacker can craft a malicious request to the vulnerable endpoint, triggering the overflow and potentially executing arbitrary code with elevated privileges on the device. Although the product is no longer supported by D-Link, the exploit details have been publicly disclosed, increasing the risk of exploitation by threat actors. The vulnerability has a CVSS 4.0 base score of 8.7, indicating high severity, with network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The lack of vendor support means no official patches or updates are available, leaving devices exposed unless mitigated by other means.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for those still using legacy D-Link DIR-513 routers in their network infrastructure. Exploitation could lead to full compromise of the affected router, allowing attackers to intercept, modify, or disrupt network traffic, potentially leading to data breaches, espionage, or denial of service. This is particularly critical for small and medium enterprises or branch offices that may rely on older hardware due to budget constraints. The compromise of network perimeter devices can also serve as a pivot point for further attacks within the internal network, threatening sensitive corporate data and operational continuity. Given the public disclosure of the exploit and the absence of vendor patches, the risk of automated attacks or inclusion in botnets is elevated. Additionally, critical infrastructure operators or organizations in regulated sectors using these devices may face compliance and reputational risks if exploited.
Mitigation Recommendations
Since the affected product is no longer supported and no official patches exist, European organizations should prioritize the following mitigations:
1) Immediate replacement of the D-Link DIR-513 routers with supported, updated hardware that receives security patches.
2) If replacement is not immediately feasible, isolate the vulnerable devices from the internet and restrict access to trusted management networks only, using network segmentation and firewall rules.
3) Employ intrusion detection and prevention systems (IDS/IPS) to monitor and block suspicious traffic targeting the /goform/formSetWanNonLogin endpoint or unusual patterns indicative of buffer overflow exploitation attempts.
4) Regularly audit network devices to identify legacy hardware and maintain an up-to-date asset inventory.
5) Educate IT staff about this specific vulnerability and encourage vigilance for signs of compromise.
6) Consider deploying network-level mitigations such as Web Application Firewalls (WAFs) that can detect and block exploit attempts against known vulnerable endpoints.
7) Implement strict network access controls and VPNs for remote management to reduce exposure.
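One way to express the monitoring described in mitigations 2, 3 and 6 as log-review logic, given as an added example that is not part of the original advisory or any vendor tooling. The record layout, the 32-character limit on curTime and the management subnet are assumptions to be adjusted per site; only the endpoint path and parameter name come from the advisory.

```python
import ipaddress
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/goform/formSetWanNonLogin"  # endpoint named in the advisory
PARAM = "curTime"                        # parameter named in the advisory
MAX_PARAM_LEN = 32  # assumption: tune against legitimate traffic you observe
MGMT_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # assumption: placeholder subnet


def classify(record):
    """Return the reasons a request record is suspicious (empty list = clean)."""
    parts = urlsplit(record["url"])
    if unquote(parts.path).rstrip("/") != ENDPOINT:
        return []
    reasons = []
    src = ipaddress.ip_address(record["src"])
    if not any(src in net for net in MGMT_NETS):
        reasons.append("endpoint reached from outside management network")
    # curTime may arrive in the query string or in a form-encoded body;
    # parse_qs percent-decodes, so the length checked is the decoded length.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    values += parse_qs(record.get("body", ""), keep_blank_values=True).get(PARAM, [])
    for value in values:
        if len(value) > MAX_PARAM_LEN:
            reasons.append(f"{PARAM} length {len(value)} exceeds {MAX_PARAM_LEN}")
    return reasons


def scan(records):
    """Return (source, reasons) for every flagged record."""
    hits = []
    for rec in records:
        reasons = classify(rec)
        if reasons:
            hits.append((rec["src"], reasons))
    return hits


# Constructed sample records (not captured traffic); addresses are documentation ranges.
SAMPLE = [
    {"src": "192.0.2.5", "url": ENDPOINT, "body": "curTime=1753049766"},
    {"src": "198.51.100.23", "url": ENDPOINT, "body": "curTime=" + "A" * 400},
    {"src": "192.0.2.5", "url": ENDPOINT + "?curTime=" + "%41" * 200, "body": ""},
    {"src": "198.51.100.23", "url": "/index.html", "body": ""},
]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE):
        print(src, "; ".join(reasons))
```

The same two conditions (source outside the management network, oversized curTime) translate directly into an IDS or WAF rule on the endpoint path.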
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Poland, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-07-19T18:52:26.334Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 687d6aa6a83201eaac050721
Added to database: 7/20/2025, 10:16:06 PM
Last enriched: 7/20/2025, 10:31:07 PM
Last updated: 7/20/2025, 10:31:07 PM