Details of VAR-202507-2488

ID

VAR-202507-2488

CVE

CVE-2025-7910

TITLE

D-Link Systems, Inc. of DIR-513 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-010025

DESCRIPTION

A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-513 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-513 is a wireless router device produced by D-Link. Attackers can exploit this vulnerability to trigger a buffer overflow by remotely constructing malicious data, thereby executing arbitrary code or causing the device to crash

Trust: 2.16

sources: NVD: CVE-2025-7910 // JVNDB: JVNDB-2025-010025 // CNVD: CNVD-2025-16669

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-16669

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-513	scope:	eq	version:	1.10	Trust: 1.0
vendor:	d link	model:	dir-513	scope:	eq	version:	dir-513 firmware 1.10	Trust: 0.8
vendor:	d link	model:	dir-513	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-513	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-513	scope:	eq	version:	1.10	Trust: 0.6

sources: CNVD: CNVD-2025-16669 // JVNDB: JVNDB-2025-010025 // NVD: CVE-2025-7910

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-7910
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-010025
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-16669
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-7910
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-010025
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-16669
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-7910
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-010025
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-16669 // JVNDB: JVNDB-2025-010025 // NVD: CVE-2025-7910

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-010025 // NVD: CVE-2025-7910

EXTERNAL IDS

db:	NVD	id:	CVE-2025-7910	Trust: 3.2
db:	VULDB	id:	317025	Trust: 2.4
db:	JVNDB	id:	JVNDB-2025-010025	Trust: 0.8
db:	CNVD	id:	CNVD-2025-16669	Trust: 0.6

sources: CNVD: CNVD-2025-16669 // JVNDB: JVNDB-2025-010025 // NVD: CVE-2025-7910

REFERENCES

url:	https://vuldb.com/?id.317025	Trust: 2.4
url:	https://vuldb.com/?submit.618594	Trust: 2.4
url:	https://github.com/buobo/bo-s-cve/blob/main/dir-513/formsetwannonlogin.md	Trust: 2.4
url:	https://www.dlink.com/	Trust: 2.4
url:	https://vuldb.com/?ctiid.317025	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2025-7910	Trust: 0.8

sources: CNVD: CNVD-2025-16669 // JVNDB: JVNDB-2025-010025 // NVD: CVE-2025-7910

SOURCES

db:	CNVD	id:	CNVD-2025-16669
db:	JVNDB	id:	JVNDB-2025-010025
db:	NVD	id:	CVE-2025-7910

LAST UPDATE DATE

2025-07-29T23:26:42.074000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-16669	date:	2025-07-23T00:00:00
db:	JVNDB	id:	JVNDB-2025-010025	date:	2025-07-28T06:39:00
db:	NVD	id:	CVE-2025-7910	date:	2025-07-25T14:42:46.550

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-16669	date:	2025-07-23T00:00:00
db:	JVNDB	id:	JVNDB-2025-010025	date:	2025-07-28T00:00:00
db:	NVD	id:	CVE-2025-7910	date:	2025-07-20T22:15:23.873