Cyber Resilience

CVE-2026-3978

HighPublic PoC

Published: 12 March 2026

Published
12 March 2026
Modified
16 March 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0072 48.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-3978 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-513 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-3978 is a stack-based buffer overflow vulnerability affecting the D-Link DIR-513 router version 1.10. The flaw resides in an unknown function within the /goform/formEasySetupWizard3 file, where manipulation of the "wan_connected" argument triggers the overflow. Published on 2026-03-12, it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity. It can be exploited remotely by attackers with low privileges over the network, requiring low complexity and no user interaction. Successful exploitation enables high-impact consequences on confidentiality, integrity, and availability, such as potential remote code execution via the buffer overflow.

Advisories referenced in VulDB entries (ctiid.350413, id.350413, submit.769586) document the issue and its public exploit availability, while a GitHub repository at https://github.com/Litengzheng/vul_db/blob/main/Dir513/vul_21/README.md provides exploit details. The D-Link website (https://www.dlink.com/) is listed but offers no specific mitigation or patch details in the available information. The exploit is public and may be used in attacks.

EU & UK References

Vulnerability details

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now…

more

public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in the router's internet-accessible web form (/goform/formEasySetupWizard3) directly enables remote code execution against a public-facing application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-7910Same product: Dlink Dir-513
CVE-2025-7909Same product: Dlink Dir-513
CVE-2025-8159Same product: Dlink Dir-513
CVE-2025-8184Same product: Dlink Dir-513
CVE-2025-70233Same product: Dlink Dir-513
CVE-2025-70229Same product: Dlink Dir-513
CVE-2025-70221Same product: Dlink Dir-513
CVE-2025-70246Same product: Dlink Dir-513
CVE-2025-70226Same product: Dlink Dir-513
CVE-2025-70222Same product: Dlink Dir-513

Affected Assets

dlink
dir-513 firmware
1.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the stack-based buffer overflow flaw in /goform/formEasySetupWizard3 by applying firmware patches or updates to version 1.10 of the D-Link DIR-513 router.

prevent

Enforces validation of the 'wan_connected' argument at the web form entry point to reject malformed inputs that trigger the buffer overflow.

prevent

Implements memory safeguards like stack canaries or DEP to block unauthorized code execution from the exploited buffer overflow.

References