D-Link CVE-2026-4486

EUVD-2026-13702 · HIGH
Stack-based Buffer Overflow (CWE-121)
2026-03-20 · VulDB
CVSS 4.0: 7.4 (NVD)

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: X

Lifecycle Timeline (4 events)

  • Apr 03, 2026 - 19:35 (vuln.today): PoC Detected. Public exploit code
  • Mar 20, 2026 - 14:15 (euvd): EUVD ID Assigned. EUVD-2026-13702
  • Mar 20, 2026 - 14:15 (vuln.today): Analysis Generated
  • Mar 20, 2026 - 14:02 (nvd): CVE Published. HIGH 7.4

Description (CVE.org)

A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in a stack-based buffer overflow. The attack may be performed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis (AI)

Remote code execution in D-Link DIR-513 1.10 via a stack-based buffer overflow in the /goform/formEasySetPassword endpoint allows remote attackers with low-privileged access (PR:L in the NVD vector) to achieve full system compromise through a malicious curTime parameter. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Send HTTP request to /goform/formEasySetPassword
  • Exploit: Inject oversized curTime parameter
  • Execution: Trigger stack buffer overflow
  • Impact: Execute arbitrary code on device

Vulnerability Assessment (AI)

Exploitation: Requires authenticated access to D-Link DIR-513 firmware version 1.10 Web Service. …

Risk Assessment: This vulnerability presents a significant real-world risk despite requiring low-privilege authentication (PR:L). …

Exploit Scenario: An attacker who has obtained valid credentials to the router's web interface (through credential stuffing, default passwords, or prior compromise) connects to the device over the network and accesses the /goform/formEasySetPassword endpoint. The attacker crafts a malicious HTTP request with an oversized curTime parameter designed to overflow the stack buffer, overwriting the return address with a pointer to shellcode embedded in the payload. …

Remediation: Since the D-Link DIR-513 is end-of-life and no security patches will be released (Remediation Level: Unavailable), the primary remediation is to immediately replace the affected device with a currently supported router model from D-Link or another vendor. …

Recommended Action (AI)

Within 24 hours: Inventory all D-Link DIR-513 devices in production and isolate any identified units from critical network segments. …
