CVE-2026-5982
Published: 09 April 2026
Summary
CVE-2026-5982 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-605L Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 9.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation and sanitization of the curTime POST parameter to prevent buffer overflow from malformed input.
Implements memory protections like stack canaries, ASLR, and non-executable memory to mitigate exploitation of the buffer overflow vulnerability.
Prohibits or restricts use of unsupported system components like the end-of-life D-Link DIR-605L firmware, directly addressing the lack of patches for this vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing web form (/goform/formAdvNetwork) enables remote exploitation for device compromise, directly mapping to T1190.
NVD Description
A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation of the attack…
more
is possible. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2026-5982 is a buffer overflow vulnerability affecting the D-Link DIR-605L router on firmware version 2.13B01. The flaw exists in the formAdvNetwork function of the /goform/formAdvNetwork file within the POST Request Handler component. Manipulation of the curTime argument triggers the buffer overflow, as associated with CWE-119 and CWE-120.
Remote exploitation is possible with low complexity over the network by an attacker possessing low privileges, requiring no user interaction. The CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates high impacts on confidentiality, integrity, and availability, enabling potential full compromise of the device.
Affected products are no longer supported by the maintainer, precluding official patches or updates. Advisories confirm a public exploit is available and could be used, with details documented in VulDB entries and a proof-of-concept linked on a Notion site; the D-Link website provides general product information but no specific mitigation for this issue.
Details
- CWE(s)