Details of VAR-202507-2641

ID

VAR-202507-2641

CVE

CVE-2025-8159

TITLE

D-Link DIR-513 formLanguageChange function buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-17352

DESCRIPTION

A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLanguageChange of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link DIR-513 is a portable wireless router featuring a slim design and ease of use. It supports IEEE 802.11n and 802.11g/b standards and offers a maximum transmission rate of 300Mbps. An attacker could exploit this vulnerability by remotely manipulating the curTime parameter to trigger a stack overflow, potentially executing arbitrary code or causing a system crash

Trust: 1.44

sources: NVD: CVE-2025-8159 // CNVD: CNVD-2025-17352

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17352

AFFECTED PRODUCTS

vendor:

d link

model:

dir-513

scope:

version:

1.0

Trust: 0.6

sources: CNVD: CNVD-2025-17352

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-8159
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-17352
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-8159
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-17352
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-8159
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-17352 // NVD: CVE-2025-8159

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0

sources: NVD: CVE-2025-8159

EXTERNAL IDS

db:	NVD	id:	CVE-2025-8159	Trust: 1.6
db:	VULDB	id:	317573	Trust: 1.6
db:	CNVD	id:	CNVD-2025-17352	Trust: 0.6

sources: CNVD: CNVD-2025-17352 // NVD: CVE-2025-8159

REFERENCES

url:	https://vuldb.com/?id.317573	Trust: 1.6
url:	https://vuldb.com/?ctiid.317573	Trust: 1.6
url:	https://vuldb.com/?submit.620604	Trust: 1.6
url:	https://github.com/boyslikesports/vul/blob/main/formlanguagechange.md	Trust: 1.6
url:	https://www.dlink.com/	Trust: 1.6

sources: CNVD: CNVD-2025-17352 // NVD: CVE-2025-8159

SOURCES

db:	CNVD	id:	CNVD-2025-17352
db:	NVD	id:	CVE-2025-8159

LAST UPDATE DATE

2025-08-02T23:15:45.916000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17352	date:	2025-08-01T00:00:00
db:	NVD	id:	CVE-2025-8159	date:	2025-07-25T15:29:19.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17352	date:	2025-08-01T00:00:00
db:	NVD	id:	CVE-2025-8159	date:	2025-07-25T15:15:30.093