CVE-2026-3978
Published: 12 March 2026
Summary
CVE-2026-3978 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-513 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the stack-based buffer overflow flaw in /goform/formEasySetupWizard3 by applying firmware patches or updates to version 1.10 of the D-Link DIR-513 router.
Enforces validation of the 'wan_connected' argument at the web form entry point to reject malformed inputs that trigger the buffer overflow.
Implements memory safeguards like stack canaries or DEP to block unauthorized code execution from the exploited buffer overflow.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the router's internet-accessible web form (/goform/formEasySetupWizard3) directly enables remote code execution against a public-facing application (T1190).
NVD Description
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now…
more
public and may be used.
Deeper analysisAI
CVE-2026-3978 is a stack-based buffer overflow vulnerability affecting the D-Link DIR-513 router version 1.10. The flaw resides in an unknown function within the /goform/formEasySetupWizard3 file, where manipulation of the "wan_connected" argument triggers the overflow. Published on 2026-03-12, it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity. It can be exploited remotely by attackers with low privileges over the network, requiring low complexity and no user interaction. Successful exploitation enables high-impact consequences on confidentiality, integrity, and availability, such as potential remote code execution via the buffer overflow.
Advisories referenced in VulDB entries (ctiid.350413, id.350413, submit.769586) document the issue and its public exploit availability, while a GitHub repository at https://github.com/Litengzheng/vul_db/blob/main/Dir513/vul_21/README.md provides exploit details. The D-Link website (https://www.dlink.com/) is listed but offers no specific mitigation or patch details in the available information. The exploit is public and may be used in attacks.
Details
- CWE(s)