CVE-2026-5982

D-Link DIR-605L POST Request formAdvNetwork buffer overflow

CVSS 8.7 HIGHEPSS 0.7%CWE-119 CWE-120

Vexday Risk Score

41Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 8.7EPSS 0.7%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Ciclo de vida

09 abr 2026Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Productos afectados

D-Link · DIR-605L

PoCs públicas encontradas — 1

cve_referencelavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formAdvNetwork-33153a41781f80f9a47bd5e073fc00ae?source=copy_linkno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formAdvNetwork-33153a41781f80f9a47bd5e073fc00ae?source=copy_link https://vuldb.com/submit/791855 https://vuldb.com/vuln/356536 https://vuldb.com/vuln/356536/cti https://www.dlink.com/