EUVD-2026-21191
GHSA-hj65-rw2v-r6pj
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
Buffer overflow in D-Link DIR-605L 2.13B01 wireless router enables remote authenticated attackers to achieve arbitrary code execution via crafted POST requests to /goform/formAdvNetwork endpoint. Exploitation manipulates the curTime parameter in the formAdvNetwork function, triggering memory corruption. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all D-Link DIR-605L devices running firmware 2.13B01 in your environment and document their network locations and administrative access controls. Within 7 days: Isolate affected devices to restricted network segments with egress filtering, restrict administrative access to authorized personnel only, and implement network-based detection rules for POST requests to /goform/formAdvNetwork. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today