CVE-2025-7910 – A critical stack-based buffer overflow vulnerab... (How to Fix)

Q: What is the severity of CVE-2025-7910?

CVE-2025-7910 has a CVSS score of 8.8 (HIGH). A critical stack-based buffer overflow vulnerability in D-Link DIR-513 routers allows remote attackers to execute arbitrary code by exploiting the sprintf function in the Boa webserver. This affects all DIR-513 routers running firmware version 1.10. The vulnerability is particularly dangerous because these products are no longer supported by the vendor.

📋 TL;DR

A critical stack-based buffer overflow vulnerability in D-Link DIR-513 routers allows remote attackers to execute arbitrary code by exploiting the sprintf function in the Boa webserver. This affects all DIR-513 routers running firmware version 1.10. The vulnerability is particularly dangerous because these products are no longer supported by the vendor.

💻 Affected Systems

Products:

D-Link DIR-513

Versions: 1.10

Operating Systems: Embedded Linux (Boa webserver)

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects products with Boa webserver component. Devices are end-of-life with no vendor support.

📦 What is this software?

Dir 513 Firmware by Dlink

View all CVEs affecting Dir 513 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistence installation, and use as a foothold for lateral movement in the network.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or use the device in botnets.

🟢

If Mitigated

Limited impact if device is isolated from internet and critical networks, though local network attacks remain possible.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via the webserver, making internet-facing devices immediate targets.

🏢 Internal Only: HIGH - Even internally, the webserver is accessible and vulnerable to network-based attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available on GitHub. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: https://www.dlink.com/

Restart Required: No

Instructions:

No official patch available. D-Link has ended support for DIR-513. Immediate replacement is recommended.

🔧 Temporary Workarounds

Disable WAN Management

all

Disable remote management interface to prevent external exploitation

Access router admin interface > Advanced > Remote Management > Disable

Network Segmentation

all

Isolate DIR-513 devices in separate VLAN with strict firewall rules

🧯 If You Can't Patch

Immediately replace DIR-513 routers with supported models
Implement strict network segmentation and firewall rules to limit device access

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface or by accessing http://[router-ip]/goform/formSetWanNonLogin with curl

Check Version:

curl -s http://[router-ip]/ | grep -i 'firmware' or check admin interface

Verify Fix Applied:

No fix available. Verify replacement with supported hardware.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/formSetWanNonLogin
Large payloads in curTime parameter
Webserver crash logs

Network Indicators:

HTTP POST requests to /goform/formSetWanNonLogin with crafted curTime parameter
Unusual outbound connections from router

SIEM Query:

source="router_logs" AND uri="/goform/formSetWanNonLogin" AND (param="curTime" AND length(value)>100)

📊 Metadata

CVE ID: CVE-2025-7910

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.38% exploit probability (59th percentile)

Published: July 20, 2025

Last Updated: July 25, 2025

🔗 References

https://github.com/buobo/bo-s-CVE/blob/main/DIR-513/formSetWanNonLogin.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.317025 Permissions Required,VDB Entry
https://vuldb.com/?id.317025 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.618594 Third Party Advisory,VDB Entry
https://www.dlink.com/ Product
https://github.com/buobo/bo-s-CVE/blob/main/DIR-513/formSetWanNonLogin.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-7910, you might also want to check these: