CVE-2026-5983: Buffer Overflow in D-Link DIR-605L
A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
This vulnerability exists in the D-Link DIR-605L router firmware version 2.13B01 within the formSetDDNS function of the POST request handler component. An attacker can remotely manipulate the curTime argument to cause a buffer overflow, potentially leading to arbitrary code execution or denial of service. The vulnerability has a CVSS 4.0 base score of 8.7, indicating high severity. The product affected is no longer maintained by D-Link, and no official remediation or patch has been provided. Public disclosure of the exploit exists, but no known active exploitation has been reported.
Potential Impact
Successful exploitation of this vulnerability could allow a remote attacker to cause a buffer overflow, which may result in arbitrary code execution or denial of service on the affected device. Given the device is no longer supported, affected users may face ongoing risk without official fixes. There are no confirmed reports of exploitation in the wild at this time.
Mitigation Recommendations
No official patch or remediation is available as the affected product is no longer supported by the vendor. Users should consider discontinuing use of the vulnerable device or replacing it with a supported model. Network-level protections such as restricting access to the device's management interface from untrusted networks may reduce exposure. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance if available.
CVE-2026-5983: Buffer Overflow in D-Link DIR-605L
Description
A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability exists in the D-Link DIR-605L router firmware version 2.13B01 within the formSetDDNS function of the POST request handler component. An attacker can remotely manipulate the curTime argument to cause a buffer overflow, potentially leading to arbitrary code execution or denial of service. The vulnerability has a CVSS 4.0 base score of 8.7, indicating high severity. The product affected is no longer maintained by D-Link, and no official remediation or patch has been provided. Public disclosure of the exploit exists, but no known active exploitation has been reported.
Potential Impact
Successful exploitation of this vulnerability could allow a remote attacker to cause a buffer overflow, which may result in arbitrary code execution or denial of service on the affected device. Given the device is no longer supported, affected users may face ongoing risk without official fixes. There are no confirmed reports of exploitation in the wild at this time.
Mitigation Recommendations
No official patch or remediation is available as the affected product is no longer supported by the vendor. Users should consider discontinuing use of the vulnerable device or replacing it with a supported model. Network-level protections such as restricting access to the device's management interface from untrusted networks may reduce exposure. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance if available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-09T12:18:30.613Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d822bf1cc7ad14da2ad179
Added to database: 4/9/2026, 10:05:51 PM
Last enriched: 4/17/2026, 11:41:58 AM
Last updated: 5/25/2026, 2:39:15 AM
Views: 62
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.