CVE-2026-5024 identifies a stack-based buffer overflow vulnerability in the D-Link DIR-513 router running firmware version 1.10. The vulnerability resides in the formSetEmail function, specifically in the handling of the curTime parameter submitted to the /goform/formSetEmail endpoint. Improper validation or bounds checking of this input allows an attacker to overflow the stack buffer, potentially overwriting return addresses or control data. This can lead to arbitrary code execution with elevated privileges on the device. The attack vector is remote network-based, requiring no authentication or user interaction, making it highly exploitable. The CVSS 4.0 base score is 8.7, reflecting the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no privileges required. Although an exploit is publicly available, the affected device is no longer supported by D-Link, and no official patches have been released. This leaves devices vulnerable unless mitigated by other means such as network segmentation or device replacement. The vulnerability affects only firmware version 1.10 of the DIR-513 model, which is an older router model with limited market presence today.

The exploitation of this vulnerability can lead to full compromise of the affected router, allowing attackers to execute arbitrary code remotely with elevated privileges. This can result in unauthorized access to network traffic, interception or manipulation of data, disruption of network services, and potential pivoting to other devices within the network. For organizations still using the DIR-513 router, this presents a critical risk to network security, particularly if the device is exposed to untrusted networks or the internet. The lack of vendor support and patches increases the risk as no official remediation is available. Attackers could leverage this vulnerability to establish persistent footholds, conduct espionage, or launch further attacks against internal infrastructure. The impact is especially severe in environments where these routers serve as primary gateways or are part of critical infrastructure.

Given the absence of official patches due to end-of-life status, organizations should prioritize replacing the D-Link DIR-513 routers with modern, supported hardware that receives regular security updates. In the interim, network administrators should restrict access to the affected devices by implementing strict firewall rules to block inbound traffic to the /goform/formSetEmail endpoint or the router’s management interface from untrusted networks. Employ network segmentation to isolate legacy devices from critical systems and sensitive data. Monitoring network traffic for anomalous requests targeting the vulnerable endpoint can help detect exploitation attempts. Additionally, disabling remote management features and enforcing strong network perimeter defenses will reduce exposure. If replacement is not immediately feasible, consider deploying intrusion prevention systems (IPS) with custom signatures to detect and block exploit attempts targeting this vulnerability.