Skip to main content

Dir 513 Firmware CVE-2025-70231

CRITICAL
Path Traversal (CWE-22)
2026-03-05 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
PoC Detected
Mar 06, 2026 - 17:37 vuln.today
Public exploit code
CVE Published
Mar 05, 2026 - 19:16 nvd
CRITICAL 9.8

DescriptionCVE.org

D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability.

AnalysisAI

Path traversal in D-Link DIR-513 verification code processing. PoC available.

Technical ContextAI

CWE-22 in verification code handling.

RemediationAI

Replace EOL device.

CVE-2025-46108 CRITICAL POC
9.8 Mar 04

D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. [CVSS 9.8 CRITICAL]

CVE-2025-70233 CRITICAL POC
9.8 Mar 05

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. Part of a family

CVE-2025-70232 CRITICAL POC
9.8 Mar 05

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. Part of a family of

CVE-2025-70230 CRITICAL POC
9.8 Mar 05

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. Part of a family of 15+ c

CVE-2025-70229 CRITICAL POC
9.8 Mar 05

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. Part of a family of 15+

CVE-2025-70222 CRITICAL POC
9.8 Mar 04

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. Part of

CVE-2025-70225 CRITICAL POC
9.8 Mar 04

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWWConfig. Part of a famil

CVE-2025-70221 CRITICAL POC
9.8 Mar 04

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. Part of a family of 15+ cri

CVE-2025-70219 CRITICAL POC
9.8 Mar 04

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formDeviceReboot. Part of a family of

CVE-2025-70226 CRITICAL POC
9.8 Mar 04

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. Part of a family

CVE-2025-70223 CRITICAL POC
9.8 Mar 04

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. Part of a family of 15

CVE-2025-70220 CRITICAL POC
9.8 Mar 04

Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. Part of a fa

Share

CVE-2025-70231 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy