CVE-2026-6012
Published: 10 April 2026
Summary
CVE-2026-6012 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-513 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents buffer overflow by validating the curTime argument in POST requests to the formSetPassword handler.
Mandates replacement or prohibition of unsupported system components like the EOL D-Link DIR-513 firmware with no available patches.
Requires identification and timely remediation of the known buffer overflow flaw, driving mitigation or system replacement since no patch exists.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the public-facing web form handler (/goform/formSetPassword) of the router firmware enables remote code execution by authenticated low-privileged users over the network, directly mapping to T1190 Exploit Public-Facing Application for initial access and system compromise.
NVD Description
A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to…
more
be carried out remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2026-6012 is a buffer overflow vulnerability in D-Link DIR-513 firmware version 1.10, published on 2026-04-10. The flaw affects the formSetPassword function in the /goform/formSetPassword file within the POST Request Handler component. It is triggered by manipulating the curTime argument, as classified under CWE-119 and CWE-120.
With a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), the vulnerability enables remote exploitation by low-privileged users without requiring user interaction. Attackers can achieve high impacts on confidentiality, integrity, and availability, potentially leading to full system compromise on affected devices.
Advisories note that this vulnerability only impacts products no longer supported by the maintainer, with no patches available. The exploit has been publicly disclosed and may be used, as detailed in references including VulDB entries and a Notion site analysis; the D-Link website provides general product information but no specific mitigation.
Details
- CWE(s)