CVE-2025-7910
Published: 20 July 2025
Summary
CVE-2025-7910 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in D-Link DIR-513 firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 16.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SC-7 (Boundary Protection).
Deeper analysis
A critical stack-based buffer overflow vulnerability, tracked as CVE-2025-7910, affects the D-Link DIR-513 wireless router running firmware version 1.10. The flaw is in a sprintf call in the handler for the /goform/formSetWanNonLogin endpoint of the Boa Webserver component: unsanitized input supplied in the curTime argument can overflow the stack buffer it is formatted into. The issue is tracked under CWE-119 and CWE-121 and carries a CVSS 4.0 score of 7.4.
An authenticated remote attacker can send a crafted HTTP request to the affected endpoint and achieve arbitrary code execution or a denial-of-service condition on the device. The vulnerability can be triggered over the network without user interaction, and a working exploit has already been published.
The affected hardware is explicitly described as end-of-life and unsupported by D-Link, so no vendor patches are expected. Public references include a detailed proof-of-concept on GitHub and entries in the VulDB database; the current EPSS score remains flat at 0.0198 with no observed increase since disclosure.
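Because no vendor patch is expected, the practical control is at the network boundary (SC-7). The following is an added example, not code from the page or from D-Link: it parses a raw HTTP request and flags one aimed at /goform/formSetWanNonLogin whose curTime value is far longer than a timestamp should be. The 32-byte limit and the sample requests are constructed assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Handler path is the one named in the advisory; the length limit is an
# assumption for this example: a legitimate curTime is a short timestamp, so a
# much longer value is treated as a probable overflow attempt (constructed).
VULN_PATH = "/goform/formSetWanNonLogin"
CURTIME_MAX_LEN = 32


def parse_request(raw: str):
    """Split one raw HTTP/1.x request into (path, query, headers, body)."""
    head, _sep, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    parts = urlsplit(target)
    headers = {}
    for line in lines[1:]:
        name, _colon, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return parts.path, parts.query, headers, body


def cur_time_values(raw: str):
    """All curTime values sent to the handler (query + form body), or None."""
    path, query, headers, body = parse_request(raw)
    if path != VULN_PATH:
        return None
    values = parse_qs(query, keep_blank_values=True).get("curTime", [])
    if "application/x-www-form-urlencoded" in headers.get("content-type", ""):
        values += parse_qs(body, keep_blank_values=True).get("curTime", [])
    return values


def classify(raw: str) -> str:
    """'ignore' for other paths, 'suspicious' if any curTime exceeds the limit."""
    values = cur_time_values(raw)
    if values is None:
        return "ignore"
    if any(len(v) > CURTIME_MAX_LEN for v in values):
        return "suspicious"
    return "benign"


# Constructed sample requests (not real captures); 192.168.0.1 is a placeholder.
BENIGN = ("POST /goform/formSetWanNonLogin HTTP/1.1\r\nHost: 192.168.0.1\r\n"
          "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
          "wan_type=dhcp&curTime=1721433600")
OVERSIZED = BENIGN.replace("curTime=1721433600", "curTime=" + "A" * 600)
UNRELATED = "GET /index.htm HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"
```

The same check placed in front of the router (reverse proxy, IDS rule, or WAN-side filter) turns an unpatchable device into one whose only known trigger is blocked before it reaches Boa.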
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22041
Vulnerability details
A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The remote stack-based buffer overflow in the public-facing Boa webserver form handler allows arbitrary code execution via crafted HTTP requests, which maps to Exploit Public-Facing Application (T1190).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SA-22 (Unsupported System Components): Prohibits the use of unsupported end-of-life system components such as the D-Link DIR-513 router, directly removing exposure to this unpatchable stack-based buffer overflow.
- SC-7 (Boundary Protection): Enforces boundary protection to monitor and control remote network access to the vulnerable /goform/formSetWanNonLogin endpoint, blocking exploitation over the network.
- SI-16 (Memory Protection): Implements memory protections such as non-executable stacks and address space layout randomization to hinder successful exploitation of the stack-based buffer overflow in sprintf.