CVE-2026-5980: Buffer Overflow in D-Link DIR-605L
A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
This vulnerability involves a buffer overflow in the formSetMACFilter function of the D-Link DIR-605L router firmware version 2.13B01. The issue arises from improper handling of the curTime argument in a POST request, allowing remote attackers to trigger a buffer overflow condition. The vulnerability has a CVSS 4.0 base score of 8.7, indicating high severity with network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. The product affected is no longer maintained by D-Link, and no official fix or patch has been provided.
Potential Impact
Successful exploitation of this buffer overflow could allow a remote attacker to execute arbitrary code or cause denial of service on the affected device. Given the high CVSS score and the nature of the vulnerability, it poses a significant risk to the confidentiality, integrity, and availability of the router. However, the lack of vendor support and absence of an official patch increases the risk for users who continue to operate this device version.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability as the affected product is no longer supported by the vendor. Users are advised to discontinue use of the vulnerable firmware version 2.13B01 on the D-Link DIR-605L device. Where possible, upgrade to a newer, supported device or firmware version that is not affected by this issue. Network-level protections such as firewall rules to restrict access to the device's management interface may reduce exposure but do not fully mitigate the vulnerability.
CVE-2026-5980: Buffer Overflow in D-Link DIR-605L
Description
A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a buffer overflow in the formSetMACFilter function of the D-Link DIR-605L router firmware version 2.13B01. The issue arises from improper handling of the curTime argument in a POST request, allowing remote attackers to trigger a buffer overflow condition. The vulnerability has a CVSS 4.0 base score of 8.7, indicating high severity with network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. The product affected is no longer maintained by D-Link, and no official fix or patch has been provided.
Potential Impact
Successful exploitation of this buffer overflow could allow a remote attacker to execute arbitrary code or cause denial of service on the affected device. Given the high CVSS score and the nature of the vulnerability, it poses a significant risk to the confidentiality, integrity, and availability of the router. However, the lack of vendor support and absence of an official patch increases the risk for users who continue to operate this device version.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability as the affected product is no longer supported by the vendor. Users are advised to discontinue use of the vulnerable firmware version 2.13B01 on the D-Link DIR-605L device. Where possible, upgrade to a newer, supported device or firmware version that is not affected by this issue. Network-level protections such as firewall rules to restrict access to the device's management interface may reduce exposure but do not fully mitigate the vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-09T12:18:20.626Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d818301cc7ad14da2455de
Added to database: 4/9/2026, 9:20:48 PM
Last enriched: 4/17/2026, 12:27:35 PM
Last updated: 5/25/2026, 2:38:26 AM
Views: 64
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.