ID

VAR-202507-2471


CVE

CVE-2025-7909


TITLE

D-Link DIR-513 Buffer Overflow Vulnerability (CNVD-2025-16670)

Trust: 0.6

sources: CNVD: CNVD-2025-16670

DESCRIPTION

A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSettings of the component Boa Webserver. The manipulation of the argument curTime leads to a stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-513 is a wireless router device produced by D-Link. Attackers can exploit this vulnerability to trigger a buffer overflow by remotely constructing malicious data, thereby executing arbitrary code or causing the device to crash.

Trust: 1.44

sources: NVD: CVE-2025-7909 // CNVD: CNVD-2025-16670

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-16670

AFFECTED PRODUCTS

vendor: dlink, model: dir-513, scope: eq, version: -

Trust: 1.0

vendor: d link, model: dir-513, scope: eq, version: 1.0

Trust: 0.6

sources: CNVD: CNVD-2025-16670 // NVD: CVE-2025-7909

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-7909
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-16670
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-7909
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-16670
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-7909
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-16670 // NVD: CVE-2025-7909

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

sources: NVD: CVE-2025-7909

EXTERNAL IDS

db: NVD, id: CVE-2025-7909

Trust: 1.6

db: VULDB, id: 317024

Trust: 1.6

db: CNVD, id: CNVD-2025-16670

Trust: 0.6

sources: CNVD: CNVD-2025-16670 // NVD: CVE-2025-7909

REFERENCES

url:https://vuldb.com/?id.317024

Trust: 1.6

url:https://vuldb.com/?ctiid.317024

Trust: 1.6

url:https://vuldb.com/?submit.618593

Trust: 1.6

url:https://github.com/buobo/bo-s-cve/blob/main/dir-513/formlansetuproutersettings.md

Trust: 1.6

url:https://www.dlink.com/

Trust: 1.6

sources: CNVD: CNVD-2025-16670 // NVD: CVE-2025-7909

SOURCES

db: CNVD, id: CNVD-2025-16670
db: NVD, id: CVE-2025-7909

LAST UPDATE DATE

2025-07-26T23:17:06.407000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-16670, date: 2025-07-23T00:00:00
db: NVD, id: CVE-2025-7909, date: 2025-07-25T14:46:52.650

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-16670, date: 2025-07-23T00:00:00
db: NVD, id: CVE-2025-7909, date: 2025-07-20T22:15:23.640