CVE-2025-7910 in DIR-513

Summary

by MITRE • 07/21/2025

A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.


Analysis

by VulDB Data Team • 07/25/2025

The vulnerability identified as CVE-2025-7910 is a critical stack-based buffer overflow in the D-Link DIR-513 wireless router running firmware version 1.10. The issue resides in the Boa web server component that serves the device's web interface. It specifically impacts the sprintf function in the /goform/formSetWanNonLogin file, which is part of the router's web management interface. The flaw occurs when the curTime argument is processed: user-supplied input can overflow the stack buffer allocated for it. This type of vulnerability falls under CWE-121 (Stack-based Buffer Overflow), a serious security weakness that can lead to arbitrary code execution and complete system compromise.

The technical exploitation of this vulnerability occurs through remote network access, allowing attackers to craft malicious input that triggers the buffer overflow when the web server processes the curTime parameter. The stack-based nature of the overflow means that the attacker can overwrite return addresses and other critical stack data, potentially enabling arbitrary code execution with the privileges of the web server process. This particular vulnerability affects only unsupported D-Link DIR-513 devices, indicating that the manufacturer has ceased providing security updates for this model, leaving users exposed to potential exploitation. The fact that an exploit has been publicly disclosed further increases the risk to affected users, as malicious actors can readily leverage this knowledge to compromise vulnerable systems.
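The bug class described above, as an added example that is not D-Link's firmware code and not part of the original advisory: a request parameter formatted into a fixed stack buffer, with the unbounded sprintf form kept as a comment and a bounded form that validates the value and rejects anything that would not fit. The handler name, buffer size, redirect path, sample values and the digits-only rule for curTime are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define REDIRECT_BUF 128 /* assumed; the firmware's real buffer size is not on the page */

/* Unsafe pattern (CWE-121), shown as a comment only:
 *     char buf[REDIRECT_BUF];
 *     sprintf(buf, "/status.asp?t=%s", cur_time);   // cur_time length never checked
 * Longer input is written past buf, over saved registers and the return address. */

/* Assumption: curTime is a timestamp, so accept 1..16 decimal digits only. */
static int valid_cur_time(const char *s)
{
    size_t n;
    if (s == NULL)
        return 0;
    n = strspn(s, "0123456789");
    return n >= 1 && n <= 16 && s[n] == '\0';
}

/* Hardened form (hypothetical handler name and redirect path). Returns 0 and
 * fills out on success; returns -1 with out empty if the parameter is rejected
 * or the formatted result would not fit. */
int build_redirect(char *out, size_t out_len, const char *cur_time)
{
    int needed;
    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    if (!valid_cur_time(cur_time))
        return -1;                      /* allow-list before formatting */
    needed = snprintf(out, out_len, "/status.asp?t=%s", cur_time);
    if (needed < 0 || (size_t)needed >= out_len) {
        out[0] = '\0';                  /* treat truncation as an error */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[REDIRECT_BUF];
    char big[512];                      /* constructed oversize input */
    memset(big, '7', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("timestamp: %d %s\n", build_redirect(buf, sizeof buf, "1753056000"), buf);
    printf("oversize:  %d\n", build_redirect(buf, sizeof buf, big));
    return 0;
}
```

The length check on the snprintf return value still matters when validation passes, because it is what protects the handler if the buffer or format string is later changed.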

The operational impact of this vulnerability extends beyond simple remote code execution to encompass complete system takeover capabilities. An attacker who successfully exploits this vulnerability could gain full administrative control over the affected router, potentially enabling them to modify network configurations, intercept traffic, establish backdoors, or use the device as a pivot point for attacking other systems within the local network. The web-based nature of the attack vector makes this particularly concerning as it requires no physical access to the device and can be executed from anywhere on the internet. The vulnerability's classification as critical by security vendors underscores the severity of potential consequences, including unauthorized network access, data interception, and the ability to disrupt network services.

Organizations and individuals using affected D-Link DIR-513 devices should immediately implement mitigation strategies to protect against exploitation. The primary recommendation is to cease using the unsupported device and upgrade to a supported model from D-Link or another vendor. Network segmentation and firewall rules should be implemented to restrict access to the router's web management interface from untrusted networks. Additionally, monitoring network traffic for unusual patterns that might indicate exploitation attempts can help detect compromise. The vulnerability demonstrates the importance of maintaining supported firmware versions and highlights the risks associated with continuing to use end-of-life networking equipment. This case also illustrates how vulnerabilities in embedded web servers can create persistent security risks when manufacturers discontinue support for older devices, leaving users vulnerable to known exploits. The ATT&CK framework categorizes this as a remote code execution technique, with potential for privilege escalation and persistence mechanisms that could be leveraged by threat actors.

Responsible: VulDB
Disclosure: 07/21/2025
Moderation: accepted
CPE: ready
Exploit: Download
EPSS: 0.01153
KEV: no
Activities: very low
