EUVD-2026-21186
GHSA-8w3p-hgjr-h6h4
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
Buffer overflow in D-Link DIR-605L 2.13B01 router allows authenticated remote attackers to achieve code execution through malicious curTime parameter in formVirtualServ function via POST request to /goform/formVirtualServ endpoint. Affects end-of-life product with no vendor support. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all DIR-605L 2.13B01 routers in your network inventory and isolate affected devices from critical systems; notify business owners of impacted devices. Within 7 days: Restrict administrative access to these routers to specific administrative IP ranges and disable remote management; implement network segmentation to limit router privileges. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today