CVE-2026-6013

HighPublic PoC

Published: 10 April 2026

Published

10 April 2026

Modified

30 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0008 22.8th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-6013 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-513 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SA-22 Unsupported System Components good match

prevent

Directly mandates replacement or prohibition of unsupported system components like the EOL D-Link DIR-513 firmware with no patches available for CVE-2026-6013.

SI-10 Information Input Validation good match

prevent

Requires validation of inputs like the curTime argument in the POST request handler to prevent the buffer overflow exploitation.

SI-16 Memory Protection good match

prevent

Implements memory protections such as ASLR or stack canaries to mitigate arbitrary code execution from the buffer overflow in formSetRoute.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Buffer overflow in public-facing web interface (formSetRoute) allows authenticated low-priv remote attacker to achieve RCE on the device.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from…

remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Deeper analysisAI

CVE-2026-6013 is a buffer overflow vulnerability in the D-Link DIR-513 router running firmware version 1.10. It affects the formSetRoute function within the /goform/formSetRoute file of the POST Request Handler component, where manipulation of the curTime argument triggers the overflow. The issue corresponds to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables remote exploitation by an authenticated attacker with low privileges, requiring low attack complexity and no user interaction. Successful exploitation can result in high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution on the affected device. A public exploit is available, increasing the risk for vulnerable installations.

This vulnerability impacts only D-Link DIR-513 products that are no longer supported by the manufacturer, meaning no official patches or firmware updates are available. Security practitioners should consult advisories from sources like VulDB (e.g., vuldb.com/vuln/356569) and the D-Link website for confirmation, and consider network segmentation, access controls, or device retirement to mitigate exposure. The exploit's public availability heightens the urgency for unsupported legacy devices.

Details

CWE(s): CWE-119 CWE-120

Affected Products

dlink

dir-513 firmware

1.10

CVEs Like This One

CVE-2026-6012Same product: Dlink Dir-513

CVE-2026-6014Same product: Dlink Dir-513

CVE-2025-8169Same product: Dlink Dir-513

CVE-2026-5024Same product: Dlink Dir-513

CVE-2026-4486Same product: Dlink Dir-513

CVE-2026-4555Same product: Dlink Dir-513

CVE-2025-10792Same product: Dlink Dir-513

CVE-2025-46108Same product: Dlink Dir-513

CVE-2025-8168Same product: Dlink Dir-513

CVE-2026-3978Same product: Dlink Dir-513

References

https://lavender-bicycle-a5a.notion.site/D-Link-DIR-513-formSetRoute-33153a41781f80f7aed1d3614c199d85?source=copy_link
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/submit/791859
Third Party Advisory, Vendor Advisory · cna@vuldb.com
https://vuldb.com/vuln/356569
Third Party Advisory, Vendor Advisory · cna@vuldb.com
https://vuldb.com/vuln/356569/cti
Permissions Required, VDB Entry · cna@vuldb.com
https://www.dlink.com/
Product · cna@vuldb.com