CVE 8.7 HIGH

D-Link DIR-605L POST Request formSetDDNS buffer overflow_CVE-2026-5983

April 12, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

AI Analysis

Buffer overflow vulnerability in D-Link DIR-605L via manipulation of the curTime argument in the formSetDDNS function

Basic Information

ID CVE-2026-5983

Source VulDB

Published Apr 9, 2026 at 21:45

Affected Product

Vendor D-Link

Product DIR-605L

Version 2.13B01

Affected Versions D-Link DIR-605L 2.13B01

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor D-Link

Product DIR-605L

Version 2.13B01

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2026-04-09T21:45:14.227Z",
    "modified": "2026-04-09T21:45:14.227Z",
    "type": "cve",
    "title": "D-Link DIR-605L POST Request formSetDDNS buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/356537\nhttps://vuldb.com/vuln/356537/cti\nhttps://vuldb.com/submit/791856\nhttps://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetDDNS-33153a41781f802f9997f48dc9cf6304?source=copy_link\nhttps://www.dlink.com/",
    "id": "CVE-2026-5983",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "D-Link DIR-605L 2.13B01",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DIR-605L",
    "version": "2.13B01",
    "vendor": "D-Link",
    "ai_description": "Buffer overflow vulnerability in D-Link DIR-605L via manipulation of the curTime argument in the formSetDDNS function",
    "ai_severity": "High",
    "ai_vendor": "D-Link",
    "ai_product": "DIR-605L",
    "ai_version": "2.13B01",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply