CVE-2025-46108
Published: 04 March 2026
Description
D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup.
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the buffer overflow vulnerability in formTcpipSetup by applying vendor firmware patches or updates from D-Link.
Enforces validation of inputs to the formTcpipSetup function to prevent buffer overflows from malformed network requests.
Implements memory protections like ASLR and DEP to thwart arbitrary code execution even if the buffer overflow in formTcpipSetup is triggered.
Security SummaryAI
CVE-2025-46108 is a buffer overflow vulnerability (CWE-120) affecting the D-Link DIR-513 router on firmware version A1FW110, specifically in the formTcpipSetup function. Published on 2026-03-04, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impact.
Remote, unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation grants high impacts across confidentiality, integrity, and availability, enabling attackers to potentially execute arbitrary code, disrupt device operations, or gain full control of the affected router.
Advisories and mitigation guidance are referenced in D-Link's security bulletin at https://www.dlink.com/en/security-bulletin/, along with technical details in GitHub repositories including https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2025-46108 and https://github.com/buobo/bo-s-CVE/blob/main/DIR-513/formTcpipSetup.md.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a remote, unauthenticated buffer overflow in a public-facing router's web interface (formTcpipSetup), enabling arbitrary code execution and full device control, directly mapping to exploitation of public-facing applications.