CVE-2026-5979
Published: 09 April 2026
Summary
CVE-2026-5979 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-605L Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 9.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents buffer overflow by enforcing input validation on the curTime argument in the POST request handler.
Implements memory protections like address space randomization and stack canaries to thwart exploitation of the buffer overflow vulnerability.
Requires replacement or isolation of the end-of-support D-Link DIR-605L router, eliminating exposure to this unpatchable vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the public-facing web interface (POST form handler) of a network device directly enables remote exploitation of the application as described in T1190.
NVD Description
A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be…
more
launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2026-5979 is a buffer overflow vulnerability affecting the D-Link DIR-605L router on firmware version 2.13B01. The flaw exists in the formVirtualServ function of the /goform/formVirtualServ file within the POST Request Handler component. Manipulation of the curTime argument triggers the buffer overflow, as classified under CWE-119 and CWE-120.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity. It can be exploited remotely by attackers with low privileges, requiring no user interaction. Successful exploitation enables high impacts on confidentiality, integrity, and availability, with a public exploit available for use.
This issue only affects products no longer supported by the maintainer, precluding official patches or updates. Advisory references, including VulDB entries and the D-Link website, document the vulnerability but provide no mitigation beyond noting the end-of-support status.
Details
- CWE(s)