CVE-2025-7945: Buffer Overflow in D-Link DIR-513
A vulnerability was found in D-Link DIR-513 up to 20190831. It has been declared as critical. This vulnerability affects the function formSetWanDhcpplus of the file /goform/formSetWanDhcpplus. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
CVE-2025-7945 is a critical buffer overflow vulnerability identified in the D-Link DIR-513 router, specifically affecting firmware versions up to 20190831. The vulnerability resides in the function formSetWanDhcpplus within the /goform/formSetWanDhcpplus endpoint. The flaw is triggered by improper handling of the 'curTime' argument, which can be manipulated remotely to cause a buffer overflow condition. This type of vulnerability can lead to arbitrary code execution, denial of service, or complete compromise of the affected device. Notably, the vulnerability can be exploited without user interaction and requires no authentication, increasing its risk profile. However, the affected devices are no longer supported by the vendor, meaning no official patches or firmware updates are available. The CVSS v4.0 base score is 8.7, indicating a high severity level, with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The vulnerability impacts the confidentiality, integrity, and availability of the device, potentially allowing attackers to gain control over network traffic or use the device as a pivot point for further attacks within a network.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for those still using legacy D-Link DIR-513 routers in their network infrastructure. Exploitation could lead to unauthorized access to internal networks, interception or manipulation of sensitive data, and disruption of network services. Given that the device is often used in small office/home office (SOHO) environments, compromised routers could serve as entry points for attackers targeting larger corporate networks or critical infrastructure. The lack of vendor support exacerbates the risk, as organizations cannot rely on official patches and must consider device replacement or alternative mitigations. Additionally, the vulnerability could be leveraged in botnet campaigns or distributed denial-of-service (DDoS) attacks, affecting broader network stability and security within European regions.
Mitigation Recommendations
Since no official patches are available due to the end-of-life status of the affected devices, European organizations should prioritize the immediate replacement of D-Link DIR-513 routers with currently supported models that receive regular security updates. Network segmentation should be enforced to isolate legacy devices from critical infrastructure and sensitive data environments. Implementing strict firewall rules to restrict inbound access to router management interfaces can reduce exposure. Monitoring network traffic for unusual patterns or signs of exploitation attempts is recommended. Additionally, organizations should conduct asset inventories to identify any remaining vulnerable devices and remove or replace them promptly. Employing intrusion detection/prevention systems (IDS/IPS) with signatures for known exploitation attempts targeting this vulnerability can provide additional defense layers.
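The traffic monitoring recommended above can be made concrete with a small log check. The following is an added example, not part of the original advisory or any vendor tooling: it flags requests to the affected endpoint whose curTime value is oversized or non-numeric. The record layout, the 32-character threshold, and the expectation that a legitimate curTime is a short decimal timestamp are assumptions made for this example.

```python
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/goform/formSetWanDhcpplus"  # endpoint named in the advisory
PARAM = "curTime"                        # argument named in the advisory
MAX_LEN = 32  # assumption: example threshold, not a value from the advisory

# Constructed sample records: (source IP, request target, form body).
SAMPLE = [
    ("192.0.2.10", "/goform/formSetWanDhcpplus", "curTime=1721548800&other=1"),
    ("198.51.100.7", "/goform/formSetWanDhcpplus", "curTime=" + "A" * 600),
    ("198.51.100.7", "/goform/formSetWanDhcpplus?curTime=%41%41", ""),
    ("192.0.2.10", "/index.asp", ""),
    ("203.0.113.5", "/goform/formSetWanDhcpplus", "other=1"),
]


def classify(target, body):
    """Return a reason string if the request looks anomalous, else None."""
    parts = urlsplit(target)
    # Decode the path so a percent-encoded endpoint is still matched.
    if unquote(parts.path).rstrip("/") != ENDPOINT:
        return None
    # The argument may arrive in the query string or in the form body.
    values = []
    for blob in (parts.query, body):
        values += parse_qs(blob, keep_blank_values=True).get(PARAM, [])
    for value in values:
        if len(value) > MAX_LEN:
            return "oversized"
        # Assumption: a legitimate curTime is a short decimal timestamp.
        if not (value.isascii() and value.isdigit()):
            return "non-numeric"
    return None


def scan(records):
    """Return (source, reason) for every record that classify() flags."""
    hits = []
    for src, target, body in records:
        reason = classify(target, body)
        if reason:
            hits.append((src, reason))
    return hits


if __name__ == "__main__":
    for src, reason in scan(SAMPLE):
        print(f"ALERT {src}: {PARAM} {reason} on {ENDPOINT}")
```
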
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-07-21T07:42:58.858Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 687ed146a83201eaac158b5f
Added to database: 7/21/2025, 11:46:14 PM
Last enriched: 7/29/2025, 1:15:02 AM
Last updated: 9/4/2025, 1:16:31 AM