CVE-2025-70232
Published: 05 March 2026
Description
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter.
Mitigating Controls (NIST 800-53 r5)AI
Directly validates the curTime parameter to block malformed inputs that trigger the stack buffer overflow.
Implements memory protections like stack canaries to prevent arbitrary code execution even if the buffer overflow occurs.
Ensures timely patching of the vulnerable firmware in D-Link DIR-513 to remediate the stack buffer overflow flaw.
Security SummaryAI
CVE-2025-70232 is a stack buffer overflow vulnerability (CWE-121) in D-Link DIR-513 router version 1.10. The flaw occurs via the curTime parameter sent to the goform/formSetMACFilter endpoint. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical, and was published on 2026-03-05T19:16:01.200.
An unauthenticated remote attacker with network access can exploit this vulnerability with low attack complexity and no user interaction. Exploitation enables high-impact consequences across confidentiality, integrity, and availability, potentially resulting in arbitrary code execution on the device.
D-Link's security bulletin at https://www.dlink.com/en/security-bulletin/ and product support page for DIR-513 at https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-513 provide relevant advisory information. Further technical details, including a proof-of-concept, are documented in the GitHub repository https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2025-70232.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a critical unauthenticated stack buffer overflow in a public-facing router web interface (goform/formSetMACFilter endpoint), directly enabling remote code execution via T1190: Exploit Public-Facing Application.