{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3978", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-11T14:22:33.402Z", "datePublished": "2026-03-12T03:32:10.044Z", "dateUpdated": "2026-03-12T16:17:30.987Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-12T03:32:10.044Z"}, "title": "D-Link DIR-513 formEasySetupWizard3 stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "D-Link", "product": "DIR-513", "versions": [{"version": "1.10", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-11T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-11T15:27:37.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "LtzHust2 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.350413", "name": "VDB-350413 | D-Link DIR-513 formEasySetupWizard3 stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350413", "name": "VDB-350413 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769586", "name": "Submit #769586 | D-Link DIR-513 1.10 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Litengzheng/vul_db/blob/main/Dir513/vul_21/README.md", "tags": ["exploit"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T13:45:47.820416Z", "id": "CVE-2026-3978", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T16:17:30.987Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3978", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T13:45:47.820416Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T13:45:54.256Z"}}], "cna": {"title": "D-Link DIR-513 formEasySetupWizard3 stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "LtzHust2 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "D-Link", "product": "DIR-513", "versions": [{"status": "affected", "version": "1.10"}]}], "timeline": [{"lang": "en", "time": "2026-03-11T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-11T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-11T15:27:37.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.350413", "name": "VDB-350413 | D-Link DIR-513 formEasySetupWizard3 stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350413", "name": "VDB-350413 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769586", "name": "Submit #769586 | D-Link DIR-513 1.10 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Litengzheng/vul_db/blob/main/Dir513/vul_21/README.md", "tags": ["exploit"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-12T03:32:10.044Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3978", "state": "PUBLISHED", "dateUpdated": "2026-03-12T16:17:30.987Z", "dateReserved": "2026-03-11T14:22:33.402Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-12T03:32:10.044Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-513_firmware:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "3DF100F1-CDF4-4B41-B19F-D576B72DC3CD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-513:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BA55B8A-4781-4004-B936-0F212C1A6316", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada en D-Link DIR-513 1.10. El elemento afectado es una funci\u00f3n desconocida del archivo /goform/formEasySetupWizard3. La manipulaci\u00f3n del argumento wan_connected resulta en desbordamiento de b\u00fafer basado en pila. El ataque puede ser lanzado remotamente. El exploit es ahora p\u00fablico y puede ser usado."}], "id": "CVE-2026-3978", "lastModified": "2026-03-16T17:59:57.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-12T04:16:40.173", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Litengzheng/vul_db/blob/main/Dir513/vul_21/README.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.350413"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.350413"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.769586"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.dlink.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.10"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DIR-513", "source": "cna", "vendor": "D-Link"}, "product": "dir-513", "vendor": "d-link"}], "analysis": {"en": {"generated_at": "2026-03-17T16:16:07.514815+00:00", "value": {"mitigation_remediation": ["Check the current firmware version of the D\u2011Link DIR\u2011513 router.", "Visit the official D\u2011Link website or trusted security advisories for any firmware updates or advisories related to CVE\u20112026\u20113978.", "If an updated firmware version is available, perform a firmware upgrade following D\u2011Link\u2019s instructions.", "If no patch is available, restrict remote access to the router\u2019s management interface (for example, disable WAN access to the /goform endpoint).", "Continuously monitor router logs for any suspicious activity or attempted exploitation attempts."], "summary": {"action": "Apply Firmware Upgrade", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected system is the D\u2011Link DIR\u2011513 router running firmware version 1.10. The product is identified by the CPE strings \"cpe:2.3:h:dlink:dir\u2011513:-:*:*:*:*:*:*:*\" and \"cpe:2.3:o:dlink:dir\u2011513_firmware:1.10:*:*:*:*:*:*:\". Only this firmware build is listed as vulnerable.", "description_and_impact": "The vulnerability lies in the D-Link DIR\u2011513 firmware 1.10, specifically within the /goform/formEasySetupWizard3 endpoint. Manipulating the wan_connected argument triggers a stack\u2011based buffer overflow, which can allow an attacker to execute arbitrary code. This type of flaw is classified under CWE\u2011119 (Buffer Overflow) and CWE\u2011121 (Stack-Based Buffer Overflow). The direct effect is the compromise of confidentiality, integrity and availability of the device, potentially giving an attacker full control over the router.", "risk_and_exploitability": "The CVSS score of 8.7 indicates a high severity, and the EPSS score of less than 1% suggests a low likelihood of widespread exploitation at present. The vulnerability is not listed in CISA\u2019s KEV catalog. Based on the description, the exploit can be launched remotely via the /goform/formEasySetupWizard3 interface, implying a remote attack vector. Attackers would need network access to the router\u2019s management interface to send a crafted WAN-connected request, leading to a stack-based buffer overflow and remote code execution."}}}}, "created": "2026-03-13T09:53:38.471514+00:00", "updated": "2026-03-20T15:36:07.127332+00:00", "vendors": ["d-link", "d-link$PRODUCT$dir-513"]}