| Title | D-Link DIR-513 1.10 Buffer Overflow |
|---|---|
| Description | A critical stack-based buffer overflow vulnerability exists in the Web management interface of D-Link DIR-513 routers (A1 FW110, A2 FW110). The flaw is located within the formSetWAN_Wizard52 function at memory address 0x44a940. The vulnerability is triggered when the application processes an HTTP POST request containing a specially crafted, overlong curTime parameter. The program retrieves this parameter via websGetVar and subsequently utilizes the unsafe sprintf function (at 0x44ac84) to format the input into a fixed-size stack buffer v30 (200 bytes) located at SP + 0xE0. Because the function lacks any boundary or length validation for the curTime input, an attacker can provide a payload that overflows the buffer and overwrites the saved return address (RA) at SP + 0x1C8. This allows a remote attacker to hijack the program's control flow, leading to a Denial of Service (DoS) or arbitrary Remote Code Execution (RCE) with elevated privileges. |
| Source | https://github.com/InfiniteLin/Lin-s-CVEdb/tree/main/DIR-513/formSetWAN_Wizard52 |
| User | AttackingLin (UID 88138) |
| Submission | 03/06/2026 04:50 (3 months ago) |
| Moderation | 03/20/2026 09:27 (14 days later) |
| Status | Duplicate |
| VulDB entry | 349838 [D-Link DIR-513 1.10 formSetWAN_Wizard52 curTime stack-based overflow] |
| Points | 0 |