EUVD-2026-21187
GHSA-vp9w-9m49-6hgc
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Tags
Description
A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
Buffer overflow in D-Link DIR-605L 2.13B01 router allows authenticated attackers to achieve remote code execution via crafted curTime parameter in formSetMACFilter POST handler. This end-of-life product receives no vendor support. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all D-Link DIR-605L routers and document firmware versions. Within 7 days: Isolate affected devices from production networks or discontinue use; if operational necessity exists, restrict network access to trusted internal IPs only via firewall rules. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today