Cyber Posture

CVE-2026-4486

High · Public PoC

Published: 20 March 2026
Modified: 03 April 2026
KEV Added: not listed
Patch: none available (product no longer supported)
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0009 (25.5th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-4486 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in the D-Link DIR-513. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability is ranked at the 25.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Information input validation directly prevents manipulation of the curTime argument that triggers the stack-based buffer overflow in the formEasySetPassword function.

SI-16 Memory Protection (prevent)

Memory protection mechanisms such as ASLR and non-executable stacks mitigate exploitation of the stack-based buffer overflow even if invalid input is processed.

SI-2 Flaw Remediation (prevent)

Flaw remediation requires addressing the known buffer overflow vulnerability through patching, configuration hardening, or removal of the unsupported vulnerable component.
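As an added illustration of what the SI-10 input-validation control means for a CWE-121 stack overflow, the C snippet below contrasts the unbounded-copy pattern that produces such a bug with a hardened handler that bounds and validates the parameter before it touches the stack buffer. This is constructed example code, not D-Link firmware or anything taken from this record: the buffer size (CURTIME_MAX), the digits-only format assumed for curTime, and the function names are all assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed example (not D-Link firmware code): a CGI-style form handler
 * that copies the "curTime" request parameter into a fixed-size stack buffer.
 * The buffer size and the digits-only format are assumptions for illustration. */
#define CURTIME_MAX 32

/* Vulnerable pattern (CWE-121): unbounded copy of attacker-controlled input
 * into a fixed-size buffer. Shown only for contrast with the hardened version. */
int copy_curtime_unchecked(const char *value, char *out)
{
    strcpy(out, value);               /* no length check: overflows if value is too long */
    return 0;
}

/* Hardened form (NIST 800-53 SI-10): reject the parameter before copying unless
 * it is non-empty, fits in the buffer with its terminator, and is digits only.
 * Returns 1 when 'out' was filled, 0 when the input was rejected. */
int validate_curtime(const char *value, char *out, size_t out_len)
{
    if (value == NULL || out == NULL || out_len == 0)
        return 0;

    /* Bounded scan: never read further than out_len bytes into the input. */
    size_t n = 0;
    while (n < out_len && value[n] != '\0') {
        if (value[n] < '0' || value[n] > '9')
            return 0;                 /* unexpected character class */
        n++;
    }
    if (n == 0 || n >= out_len)
        return 0;                     /* empty, or would not fit including the NUL */

    memcpy(out, value, n);
    out[n] = '\0';
    return 1;
}

/* Handler entry point: returns 0 on success, -1 when the request is rejected. */
int handle_easy_set_password(const char *curtime_param)
{
    char curTime[CURTIME_MAX];        /* fixed-size stack buffer */

    if (!validate_curtime(curtime_param, curTime, sizeof curTime))
        return -1;                    /* malformed or oversized curTime is refused */

    /* ... the remainder of the password-setting logic would use curTime here ... */
    (void)curTime;
    return 0;
}
```

The hardened path enforces the bound on the destination rather than trusting the source length, which is the check an unbounded strcpy omits. The SI-16 controls listed above complement it at build and runtime: compiling the handler with a stack protector (for example GCC's -fstack-protector-strong) and running it with a non-executable stack and ASLR reduces what an overflow can achieve if a validation gap remains.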

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A stack-based buffer overflow in a public-facing web service endpoint (/goform/formEasySetPassword), reachable by a low-privileged user (PR:L), allows a remote attacker to gain code execution on the network device. This directly enables T1190 (exploitation of a public-facing application) and T1068 (exploitation for privilege escalation to full code execution).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Deeper analysis

CVE-2026-4486 is a stack-based buffer overflow vulnerability (CWE-119, CWE-121, CWE-787) in D-Link DIR-513 firmware version 1.10. It affects the formEasySetPassword function within the /goform/formEasySetPassword file of the Web Service component, triggered by manipulation of the curTime argument.

The vulnerability enables remote exploitation by attackers with low privileges (PR:L), requiring low attack complexity and no user interaction (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, score 8.8). Successful attacks can result in high impacts to confidentiality, integrity, and availability, potentially leading to arbitrary code execution.

References, including VulDB entries and GitHub repositories, disclose a public proof-of-concept exploit. The vulnerability only affects products no longer supported by the maintainer, with no patches available; mitigation relies on network isolation or device replacement.

A public exploit exists and could be used against vulnerable devices.

Details

CWE(s): CWE-119, CWE-121, CWE-787

Affected Products

D-Link DIR-513 firmware 1.10

CVEs Like This One

CVE-2026-5024 · Same product: D-Link DIR-513
CVE-2026-4555 · Same product: D-Link DIR-513
CVE-2025-8159 · Same product: D-Link DIR-513
CVE-2025-8184 · Same product: D-Link DIR-513
CVE-2026-6013 · Same product: D-Link DIR-513
CVE-2025-70236 · Same product: D-Link DIR-513
CVE-2026-3978 · Same product: D-Link DIR-513
CVE-2025-7909 · Same product: D-Link DIR-513
CVE-2025-70241 · Same product: D-Link DIR-513
CVE-2025-70234 · Same product: D-Link DIR-513

References