CVE Alert: CVE-2025-10792 – D-Link – DIR-513

CVE-2025-10792

HIGH | No exploitation known | PoC observed

A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Manipulation of the argument webpage leads to a buffer overflow. The attack can be performed remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3.1 (8.8)

Vendor: D-Link
Product: DIR-513
Versions: A1FW110
CWE: CWE-120, Buffer Overflow
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Published: 2025-09-22T09:32:07.403Z
Updated: 2025-09-22T12:37:18.691Z

AI Summary Analysis

Risk verdict

High risk: remote access requiring only low privileges (PR:L in the vector above), with total impact, is publicly demonstrated via a PoC; exploitation is plausible given the public disclosure and the CVSS metrics.

Why this matters

An attacker could seize full control of the device, exfiltrate data, or pivot to other devices on the LAN. The vulnerability affects an out-of-support model, meaning patches are unlikely; this elevates exposure across home and small office deployments.

Most likely attack path

Remote attacker requires no user interaction but does need network access and low privileges on the target. Successful exploitation yields total compromise of the device, with high confidentiality, integrity and availability impact, enabling lateral movement within the local network from the router.

Who is most exposed

Home users and small businesses deploying the DIR-513 on legacy firmware are at risk, particularly where WPS or remote management features are enabled and devices lack ongoing vendor updates.

Detection ideas

  • Logs or IDS alerts showing requests to /goform/formWPS with unusual payloads.
  • System crashes or memory corruption events tied to WPS form handling.
  • Unusual CPU/memory spikes on the router corresponding to exploitation attempts.
  • Repeated unauthenticated access attempts from any network source.
  • Indicator signatures or IOAs from CTI feeds related to this PoC.
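
The first detection idea, sketched as an added example (not taken from the advisory or from any vendor tooling): it flags requests to /goform/formWPS whose webpage argument is oversized, repeated, or contains non-printable bytes. The tab-separated log format, the 128-byte threshold and the sample records are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/goform/formwps"  # endpoint from the advisory, lower-cased for matching
PARAM = "webpage"                # argument from the advisory
MAX_LEN = 128                    # assumed threshold; tune against the device's normal traffic


def check_request(uri, body=""):
    """Return the reasons a request to the WPS form handler looks anomalous."""
    parts = urlsplit(uri)
    # Decode and normalise the path so encoded or mixed-case variants still match.
    if unquote(parts.path).rstrip("/").lower() != TARGET_PATH:
        return []
    # The argument may arrive in the query string or a form-encoded body.
    # latin-1 keeps one character per decoded byte, so len() is a byte count.
    pairs = []
    for raw in (parts.query, body):
        pairs += parse_qsl(raw, keep_blank_values=True, encoding="latin-1")
    values = [v for k, v in pairs if k == PARAM]
    reasons = []
    if len(values) > 1:
        reasons.append("webpage argument repeated")
    for value in values:
        if len(value) > MAX_LEN:
            reasons.append(f"webpage is {len(value)} bytes (limit {MAX_LEN})")
        if any(not 0x20 <= ord(ch) < 0x7F for ch in value):
            reasons.append("webpage contains non-printable bytes")
    return reasons


def scan(lines):
    """Return (source, reasons) for each flagged 'src<TAB>method<TAB>uri<TAB>body' line."""
    hits = []
    for line in lines:
        src, _method, uri, body = line.rstrip("\n").split("\t", 3)
        reasons = check_request(uri, body)
        if reasons:
            hits.append((src, reasons))
    return hits


# Constructed sample records (documentation addresses, invented field values).
SAMPLE_LOG = [
    "192.0.2.10\tPOST\t/goform/formWPS\twebpage=wps.asp&enable=1",
    "192.0.2.77\tPOST\t/goform/formWPS\twebpage=" + "A" * 600,
    "192.0.2.77\tPOST\t/goform/%66ormWPS\twebpage=ok%00%90",
    "192.0.2.10\tGET\t/index.asp\t",
]
```
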

Mitigation and prioritisation

  • Apply any vendor patch if available; otherwise decommission or replace the device.
  • Disable WPS, remote management, UPnP; restrict management to trusted endpoints.
  • Segment the device onto a dedicated network and implement strict egress/ingress rules; deny broad internet access.
  • Monitor for exploitation attempts; deploy anomaly detection on LAN traffic patterns.
  • Asset inventory and change management: plan remediation or replacement for unsupported devices.
  • If KEV is true or EPSS ≥ 0.5 (data not provided here), treat as priority 1. If those data become available, adjust urgency accordingly.
