📄 Description (English)
A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
🤖 AI Executive Summary
A critical stack-based buffer overflow vulnerability exists in D-Link DIR-513 firmware version 1.10 affecting the email configuration function. The vulnerability allows remote attackers to execute arbitrary code by manipulating the curTime parameter. With a CVSS score of 8.8 and publicly available exploits, this poses an immediate threat to organizations using this unsupported device.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 14:00
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations in telecommunications (STC, Mobily), government agencies, and small-to-medium enterprises using D-Link DIR-513 routers for network access. The unsupported status of the device makes it particularly dangerous for critical infrastructure, ARAMCO facilities, and SAMA-regulated financial institutions that may have legacy network equipment. Remote code execution capability could lead to network compromise, data exfiltration, and lateral movement within organizational networks.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Government Agencies
Banking and Financial Services
Energy Sector (ARAMCO)
Healthcare
Small and Medium Enterprises
Educational Institutions
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.9
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all D-Link DIR-513 devices running firmware 1.10 in your network using asset inventory tools
2. Isolate affected devices from critical network segments if replacement is not immediately possible
3. Implement network segmentation to restrict access to the device's web interface (port 80/443)
4. Enable firewall rules to block external access to the device
PATCHING GUIDANCE:
1. Since no patch is available from D-Link, device replacement is the primary remediation
2. Contact D-Link support to confirm end-of-life status and explore upgrade options
3. If replacement timeline extends beyond 30 days, implement compensating controls
COMPENSATING CONTROLS:
1. Deploy Web Application Firewall (WAF) rules to block requests to /goform/formSetEmail endpoint
2. Implement strict input validation at network perimeter for curTime parameter
3. Monitor for exploitation attempts using IDS/IPS signatures
4. Restrict administrative access to device management interfaces via VPN only
5. Implement network access control (NAC) to prevent unauthorized device connections
DETECTION RULES:
1. Monitor HTTP POST requests to /goform/formSetEmail with oversized curTime parameters
2. Alert on any stack overflow patterns in device logs
3. Track failed authentication attempts to device management interface
4. Monitor for unusual process execution originating from the device IP address
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة D-Link DIR-513 التي تعمل بالإصدار 1.10 في شبكتك باستخدام أدوات جرد الأصول
2. عزل الأجهزة المتأثرة عن القطاعات الحرجة في الشبكة إذا لم يكن الاستبدال ممكناً فوراً
3. تطبيق قواعد جدار الحماية لتقييد الوصول إلى واجهة الويب للجهاز
4. حظر الوصول الخارجي إلى الجهاز
إرشادات التصحيح:
1. بما أنه لا يوجد تصحيح متاح من D-Link، فإن استبدال الجهاز هو الحل الأساسي
2. التواصل مع دعم D-Link لتأكيد حالة نهاية الحياة واستكشاف خيارات الترقية
3. إذا تجاوزت مدة الاستبدال 30 يوماً، قم بتطبيق ضوابط تعويضية
الضوابط التعويضية:
1. نشر قواعد جدار تطبيقات الويب لحظر الطلبات إلى نقطة النهاية /goform/formSetEmail
2. تطبيق التحقق الصارم من المدخلات على محيط الشبكة لمعامل curTime
3. مراقبة محاولات الاستغلال باستخدام توقيعات IDS/IPS
4. تقييد الوصول الإداري إلى واجهات إدارة الجهاز عبر VPN فقط
5. تطبيق التحكم في الوصول إلى الشبكة (NAC) لمنع اتصالات الأجهزة غير المصرح بها
قواعد الكشف:
1. مراقبة طلبات HTTP POST إلى /goform/formSetEmail بمعاملات curTime كبيرة الحجم
2. التنبيه على أي أنماط تجاوز المخزن المؤقت في سجلات الجهاز
3. تتبع محاولات المصادقة الفاشلة لواجهة إدارة الجهاز
4. مراقبة تنفيذ العمليات غير العادية من عنوان IP للجهاز
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.8.1 - Asset Management and Inventory Control
ECC 2024 A.8.2 - Information and Other Assets
ECC 2024 A.12.6 - Management of Technical Vulnerabilities
ECC 2024 A.14.2 - System Development and Change Management
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Physical Devices and Software Assets
SAMA CSF PR.DS-6 - Integrity Checking Mechanisms
SAMA CSF DE.CM-1 - The network is monitored to detect potential cybersecurity events
SAMA CSF RS.MI-1 - Incidents are contained
🟡 ISO 27001:2022
ISO 27001:2022 A.5.19 - Secure development policy
ISO 27001:2022 A.8.1 - Asset management
ISO 27001:2022 A.8.2 - Information classification
ISO 27001:2022 A.12.6 - Management of technical vulnerabilities
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Ensure that all system components and software are protected from known vulnerabilities
🔗 References & Sources 5
🔗
https://github.com/Litengzheng/vul_db/blob/main/Dir513/vul_30/README.md
cna@vuldb.com
Exploit
Third Party Advisory
🔗
https://vuldb.com/submit/778414
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/353908
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/vuln/353908/cti
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://www.dlink.com/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
dlink:dir-513_firmware:1.10