CVE-2026-5981
Published: 09 April 2026
Summary
CVE-2026-5981 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-605L Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 9.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents buffer overflow exploitation by validating the curTime argument in the vulnerable POST request handler.
Mitigates successful buffer overflow attacks by protecting memory from unauthorized code execution via safeguards like non-executable memory.
Addresses the end-of-life status of the D-Link DIR-605L firmware by requiring replacement, disallowance, or compensating controls for unsupported components.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in router web interface (formAdvFirewall POST handler) directly enables remote exploitation of a network-accessible application for code execution and full compromise.
NVD Description
A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely.…
more
The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2026-5981 is a buffer overflow vulnerability in the D-Link DIR-605L router running firmware version 2.13B01. It affects the formAdvFirewall function within the /goform/formAdvFirewall file, part of the POST Request Handler component. The issue arises from improper handling of the curTime argument, classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input). The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-04-09.
Attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Exploitation requires low privileges (PR:L), such as those of an authenticated user, allowing remote manipulation of the curTime argument to trigger the buffer overflow. Successful exploitation can result in high impacts on confidentiality, integrity, and availability, potentially leading to full system compromise.
Advisories note that the affected D-Link DIR-605L products are no longer supported by the maintainer, implying no official patches or updates are available. References from VulDB and other sources, including a detailed exploit disclosure on a Notion site, confirm the public availability of exploit information, with links to D-Link's site for further product context.
The exploit has been publicly disclosed and may be used against vulnerable devices, though no specific real-world exploitation in the wild is detailed in available information.
Details
- CWE(s)