CVE-2025-7910
Published: 20 July 2025
Summary
CVE-2025-7910 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in D-Link DIR-513 firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 27.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SC-7 (Boundary Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SA-22 (Unsupported System Components): prohibits the use of end-of-life components such as the D-Link DIR-513 router. Because the vendor will not ship a fix for this stack-based buffer overflow, retiring the device is the only control that removes the exposure entirely.
SC-7 (Boundary Protection): restricts and monitors remote access to the router's management interface so that crafted requests to the vulnerable /goform/formSetWanNonLogin endpoint never arrive from untrusted networks. In practice this means no WAN-side exposure of the web UI and, on the LAN, limiting which hosts may reach it.
SI-16 (Memory Protection): non-executable stacks and address space layout randomization raise the cost of turning the sprintf overflow into code execution. On an embedded router these are properties of the shipped firmware image rather than settings an operator can switch on, so this control contributes little on the DIR-513 itself and should not be relied on.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Exploit Public-Facing Application (T1190): the overflow sits in a form handler of the Boa web server and is triggered by a crafted HTTP request to the management interface, so any attacker who can reach that interface over the network can attempt code execution without involving the device owner.
NVD Description
A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysis
CVE-2025-7910 is a stack-based buffer overflow in the D-Link DIR-513 router running firmware version 1.10. The flaw is in the Boa web server's handler for /goform/formSetWanNonLogin, where the value of the 'curTime' request parameter is passed to sprintf and written into a fixed-size stack buffer; a value longer than that buffer overruns it. Published on 2025-07-20, the issue is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), and carries a CVSS v3.1 base score of 8.8 (High).
The vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) means the attack is launched over the network with low complexity, needs only low privileges and no user interaction, and stays within the scope of the router itself. A successful overflow gives high impact on confidentiality, integrity and availability, which on a device of this class amounts to full compromise of the router.
No patch is available: the advisories on VulDB and the D-Link website state that only products no longer supported by the maintainer are affected. A proof-of-concept for the formSetWanNonLogin handler has been published in a GitHub repository, so exploitation requires no original research and should be assumed to be within reach of any attacker who can reach the interface. The only effective mitigations are to keep the device's web interface off untrusted networks or to decommission the device (VulDB ctiid.317025, id.317025).
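The following C program is an added illustration of the bug class described above, not D-Link's firmware code: it models a CGI form handler that formats an attacker-controlled `curTime` value into a fixed stack buffer with `sprintf`, shows how to reason about the overflow arithmetic without triggering it, and places the hardened equivalent (length and character validation, `snprintf`, and rejection on truncation) beside it. The buffer size, the format string and the sample inputs are constructed for the example; the real DIR-513 buffer layout is not documented on this page.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed values for this example; the real handler's sizes are unknown. */
#define CURTIME_BUF 32            /* fixed stack buffer the handler formats into */
#define FMT "curTime=%s"          /* stand-in for the handler's real format string */
#define CURTIME_MAX 19            /* strlen("YYYY-MM-DD HH:MM:SS") */

/* Vulnerable pattern: sprintf is never told the destination size, so any
 * cur_time longer than CURTIME_BUF - strlen("curTime=") - 1 bytes runs past
 * the buffer into saved registers and the return address.
 * Only ever call this with short input; it is here to show the shape of the bug. */
void set_wan_time_vulnerable(const char *cur_time)
{
    char buf[CURTIME_BUF];
    sprintf(buf, FMT, cur_time);
    (void)buf;
}

/* Bytes the vulnerable sprintf writes, terminating NUL included, so the
 * overflow can be reasoned about without actually corrupting the stack. */
size_t vulnerable_write_len(const char *cur_time)
{
    return strlen("curTime=") + strlen(cur_time) + 1;
}

/* 1 if the vulnerable handler would write past its buffer for this input. */
int overflows_stack_buffer(const char *cur_time)
{
    return vulnerable_write_len(cur_time) > CURTIME_BUF;
}

/* Hardened handler: accept only a plausible timestamp, format with snprintf,
 * and treat truncation as an error instead of carrying on with a clipped value.
 * Returns 0 if the value was accepted and written to out, -1 otherwise. */
int set_wan_time_hardened(const char *cur_time, char *out, size_t out_len)
{
    if (cur_time == NULL || out == NULL || out_len == 0)
        return -1;
    size_t n = strlen(cur_time);
    if (n == 0 || n > CURTIME_MAX)
        return -1;                                  /* too long for a timestamp */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)cur_time[i];
        if (!isdigit(c) && c != '-' && c != ':' && c != ' ')
            return -1;                              /* also blocks shell metacharacters */
    }
    int w = snprintf(out, out_len, FMT, cur_time);
    if (w < 0 || (size_t)w >= out_len)
        return -1;                                  /* output would have been truncated */
    return 0;
}

/* Convenience wrapper using the same fixed buffer size as the vulnerable handler. */
int hardened_accepts(const char *cur_time)
{
    char buf[CURTIME_BUF];
    return set_wan_time_hardened(cur_time, buf, sizeof buf) == 0;
}

int main(void)
{
    const char *good = "2025-07-20 12:34:56";      /* constructed sample input */
    char oversized[128];                           /* constructed: 127 'A's */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("good:      writes %zu bytes, overflows=%d, hardened_accepts=%d\n",
           vulnerable_write_len(good), overflows_stack_buffer(good), hardened_accepts(good));
    printf("oversized: writes %zu bytes, overflows=%d, hardened_accepts=%d\n",
           vulnerable_write_len(oversized), overflows_stack_buffer(oversized),
           hardened_accepts(oversized));
    set_wan_time_vulnerable(good);   /* 8 + 19 + 1 = 28 bytes, fits in 32 */
    return 0;
}
```

The hardened variant is what a maintainer would ship; since the DIR-513 is end-of-life it will not, which is why the page's controls reduce to boundary protection and decommissioning. Compiling the block with `-fstack-protector-all` and feeding the vulnerable function the oversized value is a quick way to see the canary abort that such firmware typically lacks.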
Details
- CWE(s)