Cyber Resilience

CVE-2025-70239

CriticalPublic PoC

Published: 03 March 2026

Published
03 March 2026
Modified
09 March 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0061 44.4th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-70239 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Dlink Dir-513 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 44.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-70239 is a stack buffer overflow vulnerability in the D-Link DIR-513 router version 1.10. The flaw occurs via the curTime parameter sent to the goform/formSetWAN_Wizard55 endpoint, and it is associated with CWEs CWE-787 (Out-of-bounds Write) and CWE-121 (Stack-based Buffer Overflow). The vulnerability was published on 2026-03-03T21:15:57.160 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Attackers with network access can exploit this vulnerability remotely without authentication, privileges, or user interaction due to its low attack complexity and unchanged scope. Exploitation could result in high impacts across confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data compromise, or device denial of service through stack buffer manipulation.

Mitigation details are available in vendor advisories, including the GitHub CVE report at https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2025-70239, the D-Link DIR-513 product support page at https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-513, and the D-Link security bulletin at https://www.dlink.com/en/security-bulletin/.

EU & UK References

Vulnerability details

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated stack buffer overflow in public-facing web endpoint on network device directly enables exploitation of public-facing applications for initial access and RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-70237Same product: Dlink Dir-513
CVE-2025-70234Same product: Dlink Dir-513
CVE-2025-70245Same product: Dlink Dir-513
CVE-2025-70241Same product: Dlink Dir-513
CVE-2025-70240Same product: Dlink Dir-513
CVE-2025-70236Same product: Dlink Dir-513
CVE-2025-8159Same product: Dlink Dir-513
CVE-2025-8184Same product: Dlink Dir-513
CVE-2025-70233Same product: Dlink Dir-513
CVE-2025-70229Same product: Dlink Dir-513

Affected Assets

dlink
dir-513 firmware
1.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents stack buffer overflows by validating and sanitizing the curTime parameter input to the goform/formSetWAN_Wizard55 endpoint.

prevent

Addresses the vulnerability through timely flaw remediation, such as applying vendor patches for the D-Link DIR-513 v1.10 stack buffer overflow.

prevent

Mitigates exploitation of the stack-based buffer overflow via memory protections like stack canaries or non-executable stacks.

References