CVE-2026-6012: Buffer Overflow in D-Link DIR-513
A security vulnerability has been detected in D-Link DIR-513 1.10. It affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. Manipulation of the argument curTime leads to a buffer overflow. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
This vulnerability exists in the D-Link DIR-513 router firmware version 1.10, specifically in the formSetPassword function located at /goform/formSetPassword. An attacker can remotely send a specially crafted POST request manipulating the curTime parameter, causing a buffer overflow. This condition may allow execution of arbitrary code or denial of service. The product is out of support, and no official fix or patch has been provided by D-Link. The CVSS 4.0 base score is 8.7, reflecting high impact and ease of exploitation without privileges or user interaction.
Potential Impact
Successful exploitation of this vulnerability could lead to remote code execution or denial of service on the affected device. Since the router is no longer supported, the vulnerability remains unpatched, increasing the risk for users still operating this device. The public disclosure of an exploit further elevates the threat level. The compromised device could be leveraged to disrupt network operations or as a foothold for further attacks within the network.
Mitigation Recommendations
No official patch or remediation is available due to the product being out of support. Users are strongly advised to discontinue use of the affected D-Link DIR-513 version 1.10 device or replace it with a supported model. Network-level protections such as firewall rules to restrict access to the device's management interface from untrusted networks may reduce exposure. Monitor for unusual activity related to the device, but note that no vendor-provided fix currently exists.
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-04-09T14:36:30.211Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69d881ab1cc7ad14da707ae9
Added to database: 4/10/2026, 4:50:51 AM
Last enriched: 4/10/2026, 5:05:59 AM
Last updated: 4/10/2026, 6:03:01 AM