Cyber Posture

CVE-2025-70239

Critical · Public PoC

Published: 03 March 2026

Modified: 09 March 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0010 (27.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-70239 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in D-Link DIR-513 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 27.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly prevents stack buffer overflows by validating and sanitizing the curTime parameter input to the goform/formSetWAN_Wizard55 endpoint.

prevent

Addresses the vulnerability through timely flaw remediation, such as applying vendor patches for the D-Link DIR-513 v1.10 stack buffer overflow.

prevent

Mitigates exploitation of the stack-based buffer overflow via memory protections like stack canaries or non-executable stacks.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

A remote, unauthenticated stack buffer overflow in a public-facing web endpoint on a network device directly enables exploitation of a public-facing application for initial access and RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.

Deeper analysis

CVE-2025-70239 is a stack buffer overflow vulnerability in the D-Link DIR-513 router version 1.10. The flaw occurs via the curTime parameter sent to the goform/formSetWAN_Wizard55 endpoint, and it is associated with CWEs CWE-787 (Out-of-bounds Write) and CWE-121 (Stack-based Buffer Overflow). The vulnerability was published on 2026-03-03T21:15:57.160 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Attackers with network access can exploit this vulnerability remotely without authentication, privileges, or user interaction due to its low attack complexity and unchanged scope. Exploitation could result in high impacts across confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data compromise, or device denial of service through stack buffer manipulation.

Mitigation details are available in the references, including the GitHub CVE report at https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2025-70239, the D-Link DIR-513 product support page at https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-513, and the D-Link security bulletin at https://www.dlink.com/en/security-bulletin/.

Details

CWE(s)

Affected Products

Vendor: dlink · Product: dir-513 firmware · Version: 1.10

CVEs Like This One

CVE-2025-70236 (same product: D-Link DIR-513)
CVE-2025-70241 (same product: D-Link DIR-513)
CVE-2025-70234 (same product: D-Link DIR-513)
CVE-2025-70237 (same product: D-Link DIR-513)
CVE-2025-70240 (same product: D-Link DIR-513)
CVE-2025-70245 (same product: D-Link DIR-513)
CVE-2025-8159 (same product: D-Link DIR-513)
CVE-2025-8184 (same product: D-Link DIR-513)
CVE-2025-70219 (same product: D-Link DIR-513)
CVE-2025-70230 (same product: D-Link DIR-513)
