CVE-2026-5984

D-Link DIR-605L POST Request formSetLog buffer overflow

CVSS 8.7 HIGHEPSS 0.8%CWE-119 CWE-120

Vexday Risk Score

41Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 8.7EPSS 0.8%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Ciclo de vida

09 abr 2026Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Productos afectados

D-Link · DIR-605L

PoCs públicas encontradas — 1

cve_referencelavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetLog-33153a41781f8038bbbcc04073d7875b?source=copy_linkno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetLog-33153a41781f8038bbbcc04073d7875b?source=copy_link https://vuldb.com/submit/791857 https://vuldb.com/vuln/356538 https://vuldb.com/vuln/356538/cti https://www.dlink.com/