How to fix CVE-2025-70245?

Within 24 hours: Inventory all D-Link DIR-513 v1.10 devices in production and isolate them to segregated network segments with restricted internet access. Within 7 days: Implement network-based intrusion detection signatures blocking requests to goform/formSetWizardSelectMode and disable remote management interfaces. Within 30 days: Plan replacement of affected devices with patched firmware versions or alternative vendor equipment, or enforce strict network access controls through firewall rules limiting device exposure.

Is Dir 513 Firmware affected by CVE-2025-70245?

A critical stack buffer overflow vulnerability (CVE-2025-70245) affects D-Link DIR-513 v1.10 devices, allowing unauthenticated remote code execution with a 9.8 CVSS score.

CVE-2025-70245

CRITICAL

2026-03-12 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 19:57 vuln.today

CVE Published

Mar 12, 2026 - 19:16 nvd

CRITICAL 9.8

Description

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode.

Analysis

D-Link DIR-513 router (v1.10) has a stack buffer overflow in the curTime parameter of formSetWizardSelectMode. This is an end-of-life router with no expected patch, meaning exploitation will remain possible indefinitely.

Technical Context

The formSetWizardSelectMode handler does not bounds-check the curTime parameter before copying it to a stack buffer (CWE-787). A sufficiently long input overwrites the return address, enabling attacker-controlled code execution. As a MIPS-based router, exploitation follows well-known MIPS ROP techniques.

Affected Products

D-Link DIR-513 v1.10 (end-of-life)

Remediation

Replace the D-Link DIR-513 with a currently supported router. If replacement is not immediately possible, disable remote management and restrict LAN access to the admin interface.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +49

POC: 0

CVE-2025-70245 vulnerability details – vuln.today

Back

CVE-2025-70245

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-70245

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code