CVE-2025-7945 — Improper Restriction of Operations within the Bounds of a Memory Buffer in D-link Dir-513

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

8.7HIGHNVD

EPSS

0.4%

top 40.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dir-513

Timeline

PublishedJul 22

Latest updateJul 23

Description

A vulnerability was found in D-Link DIR-513 up to 20190831. It has been declared as critical. This vulnerability affects the function formSetWanDhcpplus of the file /goform/formSetWanDhcpplus. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

▶CVEListV5d-link/dir-51320190831

🔴Vulnerability Details

GHSA

GHSA-49rm-7f9x-mx4g: A vulnerability was found in D-Link DIR-513 up to 20190831↗2025-07-22

▶

CVEList

D-Link DIR-513 formSetWanDhcpplus buffer overflow↗2025-07-21

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS D-Link formSetWanDhcpplus curTime Parameter Buffer Overflow Attempt (CVE-2025-7945)↗2025-07-23

▶