CVE-2025-70239

Published Mar 3, 2026

Last updated 3 months ago

CVSS critical 9.8

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-70239 describes a stack buffer overflow vulnerability found in the D-Link DIR-513 v1.10 router. This flaw specifically arises when processing the `curTime` parameter within requests directed to the `goform/formSetWAN_Wizard55` endpoint.

Description
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.
Source
cve@mitre.org
NVD status
Modified
Products
dir-513_firmware

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

nvd@nist.gov
CWE-787
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-121

Social media

Hype score
Not currently trending

  1. 🔴 CVE-2025-70239 - Critical Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. https://t.co/E6NCzmZHpO https://t.co/XTXXiUG9c1

    @TheHackerWire

    4 Mar 2026

    107 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. There is a new vulnerability with elevated criticality in D-Link DIR-513 (CVE-2025-70239) https://t.co/ecINvdsAjs

    @vuldb

    4 Mar 2026

    134 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨*CVE* CVE-2025-70239 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. https://t.co/WgQwMRXoAZ ----- Traducción: CVE-2025-70239 Desbordamiento de pila en la pila de la memoria en D-Li… https://t.co/utmtNgl

    @infoflowcloud

    3 Mar 2026

    112 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-70239 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. https://t.co/uPkDKgccmi

    @CVEnew

    3 Mar 2026

    390 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.CVE-2026-6014
  2. A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.CVE-2026-6013
  3. A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.CVE-2026-6012
  4. A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.CVE-2026-5024
  5. A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.CVE-2026-4555

References

Sources include official advisories and independent security research.