Vulnerabilities ›

CVE-2026-5983

High

CWE-119 — Weakness Type

                    Published: Apr 9, 2026                      ·  Modified: Apr 16, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

🤖 AI Executive Summary

A critical buffer overflow vulnerability exists in D-Link DIR-605L 2.13B01 routers affecting the DDNS configuration function. The vulnerability allows remote attackers to execute arbitrary code by manipulating the curTime parameter in POST requests. With no patch available and the product reaching end-of-life, organizations using this router model face significant risk of compromise.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 15:10

🇸🇦 Saudi Arabia Impact Assessment

Saudi telecommunications providers (STC, Mobily, Zain) and ISPs may have legacy DIR-605L routers deployed in customer networks or internal infrastructure. Government agencies and critical infrastructure operators using these routers for network segmentation face remote code execution risks. Banking sector may be affected if these routers are used in branch office networks or as edge devices. The lack of patch availability creates persistent vulnerability in the Saudi digital infrastructure landscape.

🏢 Affected Saudi Sectors

Telecommunications (STC, Mobily, Zain) Government and Public Administration Banking and Financial Services Energy and Utilities Healthcare Critical Infrastructure

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1133 - External Remote Services T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interpreter T1548 - Abuse Elevation Control Mechanism

⚖️ Saudi Risk Score (AI)

8.5

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify and inventory all D-Link DIR-605L 2.13B01 devices in your network using network scanning tools

2. Isolate affected routers from critical network segments if possible

3. Implement network-level access controls to restrict POST requests to /goform/formSetDDNS endpoint

4. Monitor router logs for suspicious DDNS configuration attempts



Long-term Remediation:

1. Replace DIR-605L routers with supported alternatives from D-Link or other vendors

2. Deploy Web Application Firewall (WAF) rules to block malformed curTime parameters

3. Implement network segmentation to limit router compromise impact

4. Use IDS/IPS signatures to detect buffer overflow attempts targeting /goform/formSetDDNS

5. Disable DDNS functionality if not required

6. Restrict administrative access to router management interfaces



Detection Rules:

- Monitor for POST requests to /goform/formSetDDNS with unusually long curTime values

- Alert on any successful code execution attempts from router processes

- Track firmware version of DIR-605L devices to ensure no unauthorized modifications

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد وحصر جميع أجهزة D-Link DIR-605L 2.13B01 في شبكتك باستخدام أدوات المسح

2. عزل الأجهزة المتأثرة عن قطاعات الشبكة الحرجة إن أمكن

3. تطبيق عناصر تحكم الوصول على مستوى الشبكة لتقييد طلبات POST إلى نقطة نهاية /goform/formSetDDNS

4. مراقبة سجلات الموجه للكشف عن محاولات تكوين DDNS المريبة

العلاج طويل الأجل:

1. استبدال أجهزة DIR-605L بدائل مدعومة من D-Link أو بائعين آخرين

2. نشر قواعد جدار حماية تطبيقات الويب لحجب معاملات curTime المشوهة

3. تطبيق تقسيم الشبكة لتحديد تأثير اختراق الموجه

4. استخدام توقيعات IDS/IPS للكشف عن محاولات تجاوز المخزن المؤقت

5. تعطيل وظيفة DDNS إذا لم تكن مطلوبة

6. تقييد الوصول الإداري إلى واجهات إدارة الموجه

قواعد الكشف:

- مراقبة طلبات POST إلى /goform/formSetDDNS بقيم curTime طويلة بشكل غير عادي

- تنبيه عند أي محاولات تنفيذ كود ناجحة من عمليات الموجه

- تتبع إصدار البرنامج الثابت لأجهزة DIR-605L للتأكد من عدم وجود تعديلات غير مصرح بها

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.14.2.1 - Secure development policy ECC 2024 A.12.2.1 - Monitoring and logging

🔵 SAMA CSF

ID.RA-1 - Asset management and vulnerability identification PR.IP-12 - Security patch management DE.CM-1 - Detection and analysis of anomalies

🟡 ISO 27001:2022

A.12.6.1 - Management of technical vulnerabilities A.14.2.1 - Secure development policy A.12.2.1 - Monitoring and logging of access

🟣 PCI DSS v4.0.1

Requirement 6.2 - Security patches and updates Requirement 11.2 - Vulnerability scanning

🔗 References & Sources 5

🔗

https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetDDNS-33153a41781f802f99...

cna@vuldb.com

🔗

https://vuldb.com/submit/791856

cna@vuldb.com

🔗

https://vuldb.com/vuln/356537

cna@vuldb.com

🔗

https://vuldb.com/vuln/356537/cti

cna@vuldb.com

🔗

https://www.dlink.com/

cna@vuldb.com

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-119

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-04-09

Source Feed nvd

🇸🇦 Saudi Risk Score

8.5

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-5983

💬 Comments

Introduce Yourself

Sign In Required