ID
VAR-202507-2641
CVE
CVE-2025-8159
TITLE
D-Link Corporation of DIR-513 Buffer error vulnerability in firmware
Trust: 0.8
DESCRIPTION
A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLanguageChange of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-513 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-513 is a portable wireless router featuring a slim design and ease of use. It supports IEEE 802.11n and 802.11g/b standards and offers a maximum transmission rate of 300Mbps. An attacker could exploit this vulnerability by remotely manipulating the curTime parameter to trigger a stack overflow, potentially executing arbitrary code or causing a system crash
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | dlink | model: | dir-513 | scope: | eq | version: | 1.0 | Trust: 1.0 |
| vendor: | d link | model: | dir-513 | scope: | eq | version: | dir-513 firmware 1.0 | Trust: 0.8 |
| vendor: | d link | model: | dir-513 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dir-513 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dir-513 | scope: | eq | version: | 1.0 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-787 | Trust: 1.0 |
| problemtype: | CWE-121 | Trust: 1.0 |
| problemtype: | CWE-119 | Trust: 1.0 |
| problemtype: | Buffer error (CWE-119) [ others ] | Trust: 0.8 |
| problemtype: | Stack-based buffer overflow (CWE-121) [ others ] | Trust: 0.8 |
| problemtype: | Out-of-bounds writing (CWE-787) [NVD evaluation ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-8159 | Trust: 3.2 |
| db: | VULDB | id: | 317573 | Trust: 2.4 |
| db: | JVNDB | id: | JVNDB-2025-014018 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-17352 | Trust: 0.6 |
REFERENCES
| url: | https://vuldb.com/?id.317573 | Trust: 2.4 |
| url: | https://vuldb.com/?submit.620604 | Trust: 2.4 |
| url: | https://www.dlink.com/ | Trust: 2.4 |
| url: | https://vuldb.com/?ctiid.317573 | Trust: 1.6 |
| url: | https://github.com/boyslikesports/vul/blob/main/formlanguagechange.md | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-8159 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2025-17352 |
| db: | JVNDB | id: | JVNDB-2025-014018 |
| db: | NVD | id: | CVE-2025-8159 |
LAST UPDATE DATE
2025-09-19T23:27:08.270000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-17352 | date: | 2025-08-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-014018 | date: | 2025-09-17T06:34:00 |
| db: | NVD | id: | CVE-2025-8159 | date: | 2025-09-16T19:03:35.610 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-17352 | date: | 2025-08-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-014018 | date: | 2025-09-17T00:00:00 |
| db: | NVD | id: | CVE-2025-8159 | date: | 2025-07-25T15:15:30.093 |