CVE-2025-7945
Published: 22 July 2025
Summary
CVE-2025-7945 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 20.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Deeper analysis
A buffer overflow vulnerability exists in the D-Link DIR-513 router firmware up to version 20190831. The flaw resides in the formSetWanDhcpplus function within the /goform/formSetWanDhcpplus endpoint, where improper handling of the curTime argument allows an attacker to overwrite memory. The issue is tracked under CWE-119 and CWE-120 and carries a CVSS 4.0 score of 8.7.
An authenticated remote attacker can send a crafted HTTP request to the affected endpoint, triggering the overflow to achieve arbitrary code execution or a denial of service on the device. Because the router is no longer supported by D-Link, no official patches are available.
Public references include a detailed technical write-up and proof-of-concept on GitHub along with entries in the VulDB database. The EPSS score remains low and unchanged at 0.0118, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22273
Vulnerability details
A vulnerability was found in D-Link DIR-513 up to 20190831. It has been declared as critical. This vulnerability affects the function formSetWanDhcpplus of the file /goform/formSetWanDhcpplus. The manipulation of the argument curTime leads to buffer overflow. The attack can be…
more
initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in exposed web form (formSetWanDhcpplus) on network device directly enables remote exploitation of public-facing application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly validates the curTime input argument to prevent buffer overflow exploitation in the formSetWanDhcpplus function.
Implements memory protection mechanisms such as non-executable stacks and address space randomization to mitigate buffer overflow exploits.
Prohibits use of unsupported end-of-life products like the D-Link DIR-513, eliminating exposure to unpatchable vulnerabilities like this buffer overflow.