Dir 513
Monthly
Buffer overflow in D-Link DIR-513 firmware 1.10 formAdvanceSetup function enables authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in POST request handling at /goform/formAdvanceSetup endpoint, where insufficient input validation of the 'webpage' parameter triggers memory corruption. Publicly available exploit code exists. This router model is end-of-life with no vendor support.
Buffer overflow in D-Link DIR-513 1.10 POST request handler allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The formSetRoute function improperly validates the curTime parameter, enabling memory corruption attacks. Publicly available exploit code exists. This vulnerability affects end-of-life hardware no longer supported by D-Link, leaving no vendor remediation pathway.
Buffer overflow in D-Link DIR-513 1.10 formSetPassword function allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. Exploitation occurs through POST request manipulation of the curTime parameter in /goform/formSetPassword endpoint. This end-of-life product receives no vendor support, and publicly available exploit code exists. Attack requires low-privilege authentication (CVSS PR:L) but no user interaction, enabling straightforward remote exploitation once credentials are obtained.
Buffer overflow in D-Link DIR-513 firmware 1.10 formAdvanceSetup function enables authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in POST request handling at /goform/formAdvanceSetup endpoint, where insufficient input validation of the 'webpage' parameter triggers memory corruption. Publicly available exploit code exists. This router model is end-of-life with no vendor support.
Buffer overflow in D-Link DIR-513 1.10 POST request handler allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The formSetRoute function improperly validates the curTime parameter, enabling memory corruption attacks. Publicly available exploit code exists. This vulnerability affects end-of-life hardware no longer supported by D-Link, leaving no vendor remediation pathway.
Buffer overflow in D-Link DIR-513 1.10 formSetPassword function allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. Exploitation occurs through POST request manipulation of the curTime parameter in /goform/formSetPassword endpoint. This end-of-life product receives no vendor support, and publicly available exploit code exists. Attack requires low-privilege authentication (CVSS PR:L) but no user interaction, enabling straightforward remote exploitation once credentials are obtained.