EUVD-2026-21222
GHSA-3vj3-fr37-rf37
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Tags
Description
A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
Buffer overflow in D-Link DIR-605L 2.13B01 router enables remote code execution via POST request manipulation of curTime parameter in formSetDDNS function. Publicly available exploit code exists. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all D-Link DIR-605L routers in production and flag as critical risk. Within 7 days: Isolate affected devices to a segregated management network or plan immediate replacement with current-generation equipment; if isolation is infeasible, disable remote management features and restrict network access via firewall rules. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today