EUVD-2026-21310
GHSA-ch75-q946-9j9r
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
Buffer overflow in D-Link DIR-513 firmware 1.10 formAdvanceSetup function enables authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in POST request handling at /goform/formAdvanceSetup endpoint, where insufficient input validation of the 'webpage' parameter triggers memory corruption. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all D-Link DIR-513 devices running firmware 1.10 in your network and document their business function and connectivity. Within 7 days: Implement network segmentation to isolate affected routers from critical systems; restrict administrative access to the /goform/formAdvanceSetup endpoint via firewall rules; consider credential rotation for any accounts with access to these devices. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today