CVE-2026-5024
Published: 29 March 2026
Summary
CVE-2026-5024 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-513 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 5.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Prohibits the use of unsupported system components like the end-of-life D-Link DIR-513, directly addressing the unpatchable buffer overflow vulnerability.
Requires timely identification, reporting, and remediation of flaws such as this stack-based buffer overflow through replacement or risk-based mitigations.
Mandates validation and limiting of inputs like the curTime argument to prevent stack-based buffer overflows from malformed data.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in public web form (formSetEmail) enables remote code execution on network device; low-privilege requirement plus high CIA impact directly maps to exploiting public-facing app for initial access and privilege escalation.
NVD Description
A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The…
more
exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2026-5024 is a stack-based buffer overflow vulnerability affecting D-Link DIR-513 version 1.10. The flaw exists in the formSetEmail function of the /goform/formSetEmail file, where manipulation of the curTime argument triggers the overflow. It is associated with CWE-119, CWE-121, and CWE-787.
The vulnerability is remotely exploitable over the network by an attacker with low privileges, requiring low attack complexity and no user interaction. Per its CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), successful exploitation can result in high impacts to confidentiality, integrity, and availability.
Advisories note that the vulnerability only affects products no longer supported by the maintainer, with no patches available. An exploit has been publicly disclosed and could be used, as detailed in references including GitHub and VulDB entries. The D-Link website is also referenced, though it provides no specific mitigation for this end-of-life device.
Details
- CWE(s)