CVE-2025-7945 is a critical buffer overflow vulnerability identified in the D-Link DIR-513 router, specifically affecting firmware versions up to 20190831. The vulnerability resides in the function formSetWanDhcpplus within the /goform/formSetWanDhcpplus endpoint. An attacker can remotely manipulate the 'curTime' argument passed to this function, triggering a buffer overflow condition. This type of vulnerability typically allows an attacker to overwrite memory adjacent to the buffer, potentially leading to arbitrary code execution, denial of service, or system compromise. The vulnerability is remotely exploitable without user interaction and does not require authentication, increasing its risk profile. The CVSS v4.0 base score is 8.7, indicating a high severity level with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact metrics indicate high confidentiality, integrity, and availability impacts, meaning successful exploitation could lead to full system compromise. However, it is important to note that this vulnerability affects only legacy devices that are no longer supported by D-Link, which means no official patches or firmware updates are available to remediate the issue. No known exploits have been reported in the wild yet, but the critical nature and ease of exploitation make it a significant threat, especially for environments still operating these outdated devices.

For European organizations, the impact of CVE-2025-7945 can be substantial if they continue to use the D-Link DIR-513 routers with vulnerable firmware. Exploitation could allow attackers to gain unauthorized access to internal networks, intercept or manipulate sensitive data, disrupt network availability, or pivot to other internal systems. This is particularly concerning for small and medium enterprises or home office setups that may rely on such consumer-grade routers without regular firmware updates or security monitoring. The lack of vendor support means organizations cannot rely on official patches, increasing the risk of persistent exposure. Additionally, compromised routers could be used as footholds for launching further attacks, including ransomware or espionage campaigns targeting European businesses. The threat also extends to critical infrastructure sectors that might use these devices in less visible network segments. Given the remote exploitability and no requirement for user interaction, attackers can automate attacks at scale, potentially impacting multiple organizations simultaneously.

Since the affected D-Link DIR-513 devices are no longer supported and no official patches are available, European organizations should prioritize the following mitigations: 1) Immediate replacement of all affected DIR-513 routers with currently supported and security-patched models from reputable vendors. 2) If replacement is not immediately feasible, isolate these devices from critical network segments and restrict inbound WAN access to management interfaces to prevent remote exploitation. 3) Employ network-level protections such as intrusion detection/prevention systems (IDS/IPS) to monitor and block suspicious traffic targeting the /goform/formSetWanDhcpplus endpoint or unusual DHCP-related requests. 4) Conduct network audits to identify all instances of the DIR-513 in use and maintain an asset inventory to prevent unmanaged devices from remaining in production. 5) Educate IT staff and users about the risks of using unsupported hardware and the importance of timely device upgrades. 6) Consider deploying network segmentation and zero-trust principles to limit the impact of any compromised device. 7) Monitor threat intelligence feeds for any emerging exploits targeting this vulnerability to respond promptly.