Which versions of D-Link are affected by CVE-2026-6014?

CVE-2026-6014 is a high-severity buffer overflow affecting D-Link DIR-513 routers (firmware 1.10) that allows authenticated attackers to execute arbitrary code and fully compromise affected devices.

Is there a public PoC exploit available for CVE-2026-6014?

Yes, a public proof-of-concept exploit is available for CVE-2026-6014. Prioritise patching immediately. EPSS: 0.0%.

D-Link CVE-2026-6014

Q: What is the CVSS score of CVE-2026-6014?

CVE-2026-6014 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-21310 HIGH

Classic Buffer Overflow (CWE-120)

2026-04-10 VulDB

GHSA-ch75-q946-9j9r

Buffer Overflow D-Link

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 10, 2026 - 05:16 vuln.today

Public exploit code

EUVD ID Assigned

Apr 10, 2026 - 04:45 euvd

EUVD-2026-21310

Analysis Generated

Apr 10, 2026 - 04:45 vuln.today

CVE Published

Apr 10, 2026 - 04:30 nvd

HIGH 7.4

DescriptionNVD

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Buffer overflow in D-Link DIR-513 firmware 1.10 formAdvanceSetup function enables authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in POST request handling at /goform/formAdvanceSetup endpoint, where insufficient input validation of the 'webpage' parameter triggers memory corruption. …

RemediationAI

Within 24 hours: Identify all D-Link DIR-513 devices running firmware 1.10 in your network and document their business function and connectivity. Within 7 days: Implement network segmentation to isolate affected routers from critical systems; restrict administrative access to the /goform/formAdvanceSetup endpoint via firewall rules; consider credential rotation for any accounts with access to these devices. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-4377 MEDIUM This Month

6.0 May 28

Weak default credential generation in the D-Link DWR-X1820 router exposes administrative access to adjacent-network atta

CVE-2026-6014 vulnerability details – vuln.today

Back

D-Link CVE-2026-6014

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

D-Link CVE-2026-6014

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code