CVE-2026-4486
HIGHD-Link DIR-513 Web Service formEasySetPassword stack-based overflow
Title source: cnaDescription
A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
References (7)
Core 7
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-352009 | D-Link DIR-513 Web Service formEasySetPassword stack-based overflow
https://vuldb.com/?id.352009
Signature, Permissions Required signature
permissions-required
VDB-352009 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/?ctiid.352009
Third Party Advisory third-party-advisory
Submit #773537 | D-Link DIR-513 1.10 Buffer Overflow
https://vuldb.com/?submit.773537
Third Party Advisory third-party-advisory
Submit #773566 | D-Link DIR-513 1.10 Buffer Overflow (Duplicate)
https://vuldb.com/?submit.773566
Related related
https://github.com/InfiniteLin/Lin-s-CVEdb/blob/main/DIR-513/formEasySetPassword/formEasySetPassword.md
Exploit exploit
https://github.com/InfiniteLin/Lin-s-CVEdb/blob/main/DIR-513/formEasySetPassword/poc.py
Product product
https://www.dlink.com/
Scores
CVSS v3
8.8
EPSS
0.0061
EPSS Percentile
44.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
CWE-121
CWE-787
Status
published
Products (2)
D-Link/DIR-513
1.10
dlink/dir-513_firmware
1.10
Published
Mar 20, 2026
Tracked Since
Mar 20, 2026