CVE-2025-8184

26.07.2025, 09:15

A vulnerability was found in D-Link DIR-513 up to 1.10 and classified as critical. This issue affects the function formSetWanL2TPcallback of the file /goform/formSetWanL2TPtriggers of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulDB	CNA	8.8 HIGH				CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Vendor	Product	Version
dlink	dir-513_firmware	1.0 ≤ 𝑥 ≤ 1.10

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/InfiniteLin/Lin-s-CVEdb/blob/main/DIR-513/formSetWanPPTP.md

Common Weakness Enumeration

References

https://github.com/InfiniteLin/Lin-s-CVEdb/blob/main/DIR-513/formSetWanPPTP.md

https://vuldb.com/?ctiid.317597

https://vuldb.com/?id.317597

https://vuldb.com/?submit.622222

https://www.dlink.com/