Skip to main content

D-Link EUVD-2026-21307

| CVE-2026-6012 HIGH
Classic Buffer Overflow (CWE-120)
2026-04-10 VulDB GHSA-x6gx-rmhg-wc3f
D-Link Buffer Overflow
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
PoC Detected
Apr 10, 2026 - 05:16 vuln.today
Public exploit code
EUVD ID Assigned
Apr 10, 2026 - 04:45 euvd
EUVD-2026-21307
Analysis Generated
Apr 10, 2026 - 04:45 vuln.today
CVE Published
Apr 10, 2026 - 04:00 nvd
HIGH 7.4

DescriptionCVE.org

A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Buffer overflow in D-Link DIR-513 1.10 formSetPassword function allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. Exploitation occurs through POST request manipulation of the curTime parameter in /goform/formSetPassword endpoint. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to D-Link DIR-513 router
Delivery
POST request to /goform/formSetPassword
Exploit
Inject oversized curTime parameter
Execution
Trigger buffer overflow
Impact
Execute arbitrary code
Sign in to reveal

Vulnerability AssessmentAI

Exploitation D-Link DIR-513 firmware version 1.10 (end-of-life product). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 8.8 with high confidentiality, integrity, and availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario Attacker with valid credentials sends POST request to /goform/formSetPassword with oversized curTime payload, causing buffer overflow. Public exploit code available enables straightforward execution; low complexity due to network accessibility and lack of user interaction required.
Remediation No vendor-released patch identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all D-Link DIR-513 1.10 devices on the network and isolate or disable any units found. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-12174 HIGH POC
7.4 Jun 13

Format string vulnerability in the D-Link DCS-935L 1.10.01 IP camera allows authenticated remote attackers to corrupt me

Share

EUVD-2026-21307 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy