CVE-2025-70223

D-Link · DIR-513

A stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter in formAdvNetwork allows unauthenticated attackers to potentially execute arbitrary code.

Executive summary

D-Link DIR-513 routers contain a critical stack buffer overflow vulnerability in the advanced network configuration form, allowing unauthenticated attackers to gain remote control.

Vulnerability

This is a stack-based buffer overflow vulnerability in the goform/formAdvNetwork endpoint. An unauthenticated remote attacker can exploit this by providing an excessively long value to the curTime parameter, causing memory corruption and potentially allowing for arbitrary code execution.

Business impact

This vulnerability carries a CVSS score of 9.8, signifying a critical risk to the network perimeter. Successful exploitation allows for complete device takeover, enabling attackers to intercept sensitive communications, disrupt internet connectivity, and pivot to other systems within the internal network environment.

Remediation

Immediate Action: Apply the latest firmware update from D-Link for the DIR-513 router to patch the vulnerable goform endpoints.

Proactive Monitoring: Audit network logs for suspicious POST requests to the /goform/ directory and monitor for unauthorized administrative access to the router.

Compensating Controls: Restrict access to the router’s web management interface and implement strong firewall rules to limit exposure of the device to the public internet.
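The Proactive Monitoring step above, as an added example that is not taken from D-Link or from this advisory: it classifies captured HTTP requests (for instance from a proxy or packet capture in front of the router) and raises an alert when curTime on /goform/formAdvNetwork exceeds a length limit. The 32-byte limit, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl

# Assumption: a legitimate curTime is a short timestamp. The advisory does not
# give the buffer size, so this limit is a tunable value, not a known bound.
MAX_CURTIME_LEN = 32
GOFORM_PREFIX = "/goform/"
ENDPOINT = "/goform/formAdvNetwork"


def classify(raw_request: str) -> str:
    """Classify one captured HTTP request as 'ignore', 'review' or 'alert'."""
    head, _, body = raw_request.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ")
    if len(parts) != 3:
        return "review"  # malformed request line: keep it for the audit
    method, target, _version = parts
    path, _, query = target.partition("?")
    if method.upper() != "POST" or not path.startswith(GOFORM_PREFIX):
        return "ignore"
    if path == ENDPOINT:
        # latin-1 maps each decoded byte to one character, so len() counts
        # bytes after percent-decoding, in the query string and in the body.
        fields = parse_qsl(query, keep_blank_values=True, encoding="latin-1")
        fields += parse_qsl(body, keep_blank_values=True, encoding="latin-1")
        if any(k == "curTime" and len(v) > MAX_CURTIME_LEN for k, v in fields):
            return "alert"
    return "review"  # any other POST under /goform/ is logged for audit


def scan(requests: dict) -> dict:
    """Map each request label to its classification."""
    return {label: classify(raw) for label, raw in requests.items()}


# Constructed sample requests (192.0.2.1 is a documentation address).
HDR = " HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"
SAMPLES = {
    "normal": "POST /goform/formAdvNetwork" + HDR + "curTime=1700000000&x=1",
    "oversized": "POST /goform/formAdvNetwork" + HDR + "curTime=" + "A" * 300,
    "encoded": "POST /goform/formAdvNetwork" + HDR + "curTime=" + "%41" * 40,
    "unrelated": "GET /index.htm" + HDR,
}

if __name__ == "__main__":
    for label, verdict in scan(SAMPLES).items():
        print(f"{label:10} {verdict}")
```

Measuring the value after percent-decoding keeps an encoded payload from slipping under the limit; tune MAX_CURTIME_LEN against values seen in normal administration traffic.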

Exploitation status

Public Exploit Available: false

Analyst recommendation

Immediate action is required to patch or replace the affected D-Link DIR-513 routers. Because this vulnerability can be exploited without authentication, it represents a high-priority risk that could lead to the full compromise of the local network infrastructure.