Cyber Posture

CVE-2026-4555

High severity · Public PoC

Published: 22 March 2026
Modified: 03 April 2026
KEV Added: not listed
Patch: none available
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (16.5th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-4555 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in D-Link DIR-513 firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 16.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Validates the curTime argument in the formEasySetTimezone function to prevent stack-based buffer overflow from malformed inputs.

prevent: Implements memory safeguards such as stack canaries or DEP to protect against arbitrary code execution from stack buffer overflows.

prevent: Prohibits or isolates use of end-of-life D-Link DIR-513 routers lacking vendor patches for this vulnerability.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Stack-based buffer overflow in public-facing boa web server (/goform/formEasySetTimezone) enables remote authenticated RCE on network device (T1190); low-priv authenticated access escalates to full compromise via arbitrary code execution (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Deeper analysis

CVE-2026-4555 is a stack-based buffer overflow vulnerability in the D-Link DIR-513 router running firmware version 1.10. The issue resides in the formEasySetTimezone function within the /goform/formEasySetTimezone file of the boa web server component. It is triggered by manipulating the curTime argument, leading to potential overflow conditions. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWEs 119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), 121 (Stack-based Buffer Overflow), and 787 (Out-of-bounds Write).

The vulnerability can be exploited remotely by an attacker with low privileges, such as an authenticated user on the device. Successful exploitation allows arbitrary code execution with high impacts on confidentiality, integrity, and availability, potentially enabling full compromise of the router. An exploit is publicly available, facilitating attacks against vulnerable devices.

Advisories from sources like VulDB indicate that the vulnerability affects only products no longer supported by D-Link, with no patches or official mitigations available. References point to detailed exploit information on GitHub and VulDB entries, while the D-Link website provides general product support details but no specific remediation for this end-of-life device.

In context, the public availability of the exploit increases the risk of real-world attacks on exposed, unsupported D-Link DIR-513 routers.
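The curTime input-validation control listed above, as an added example that is not part of this record or of D-Link's firmware: a constructed boa-style handler showing the unbounded copy beside its bounded, validated form. The handler names, the 32-byte buffer size and the assumption that curTime is a decimal epoch timestamp are all hypothetical.

```c
/* Constructed illustration of the CWE-121 pattern described above and of the
 * input-validation control (NIST SI-10) that closes it. Not D-Link's code: the
 * handler names, the 32-byte buffer and the assumption that curTime is a
 * decimal epoch timestamp are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define CURTIME_BUF 32                  /* assumed size of the stack buffer */

/* Unsafe pattern, shown for contrast only (never called): the parameter is
 * copied with no length check, so a long curTime overwrites the stack frame. */
void set_timezone_unsafe(const char *curTime) {
    char buf[CURTIME_BUF];
    strcpy(buf, curTime);               /* CWE-121: unbounded stack write */
}

/* Hardened form: accept only 1-10 decimal digits, measured with a bounded scan,
 * then copy with an explicit size. Returns 1 if accepted, 0 if rejected. */
int validate_curtime(const char *curTime, char *out, size_t outlen) {
    if (curTime == NULL || outlen == 0) return 0;
    const char *end = memchr(curTime, '\0', outlen);  /* never reads past outlen */
    if (end == NULL) return 0;          /* no terminator in range: too long */
    size_t n = (size_t)(end - curTime);
    if (n == 0 || n > 10) return 0;     /* empty, or longer than an epoch value */
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)curTime[i])) return 0;  /* non-digit */
    memcpy(out, curTime, n + 1);        /* bounded copy including the NUL */
    return 1;
}

/* Handler that validates before the fixed-size buffer is touched.
 * Returns 0 on success, -1 when the request should be rejected (HTTP 400). */
int set_timezone_safe(const char *curTime) {
    char buf[CURTIME_BUF];
    if (!validate_curtime(curTime, buf, sizeof buf)) return -1;
    printf("timezone set from %s\n", buf);
    return 0;
}

int main(void) {
    char oversized[64];                 /* constructed sample: 63 'A's, no NUL in range */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("valid     -> %d\n", set_timezone_safe("1711065600"));  /* 0 */
    printf("oversized -> %d\n", set_timezone_safe(oversized));     /* -1 */
    return 0;
}
```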

Details

CWE(s): CWE-119, CWE-121, CWE-787

Affected Products: D-Link DIR-513 firmware, version 1.10

CVEs Like This One

CVE-2026-5024 (same product: D-Link DIR-513)
CVE-2026-4486 (same product: D-Link DIR-513)
CVE-2025-8159 (same product: D-Link DIR-513)
CVE-2025-8184 (same product: D-Link DIR-513)
CVE-2026-6013 (same product: D-Link DIR-513)
CVE-2025-70236 (same product: D-Link DIR-513)
CVE-2026-3978 (same product: D-Link DIR-513)
CVE-2025-7909 (same product: D-Link DIR-513)
CVE-2025-70241 (same product: D-Link DIR-513)
CVE-2025-70234 (same product: D-Link DIR-513)
