CVE-2026-5980

D-Link DIR-605L POST Request formSetMACFilter buffer overflow

CVSS 8.7 HIGHEPSS 0.7%CWE-119 CWE-120

Vexday Risk Score

41Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 8.7EPSS 0.7%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Ciclo de vida

09 abr 2026Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Productos afectados

D-Link · DIR-605L

PoCs públicas encontradas — 1

cve_referencelavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetMACFilter-33153a41781f807c8fb4c3a75f7b555e?source=copy_linkno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetMACFilter-33153a41781f807c8fb4c3a75f7b555e?source=copy_link https://vuldb.com/submit/791853 https://vuldb.com/vuln/356534 https://vuldb.com/vuln/356534/cti https://www.dlink.com/