A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
PUBLISHED5.2CWE-121CWE-119unsupported-when-assigned
D-Link DIR-513 boa formEasySetTimezone memory corruption
Problem type
Affected products
D-Link
DIR-513
1.10 - AFFECTED
References
VDB-352382 | D-Link DIR-513 boa formEasySetTimezone memory corruption
https://vuldb.com/?id.352382
VDB-352382 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/?ctiid.352382
Submit #774936 | D-Link DIR-513 1.10 Stack-based Buffer Overflow
https://vuldb.com/?submit.774936
github.com
https://github.com/Litengzheng/vul_db/blob/main/Dir513/vul_24/README.md
dlink.com
https://www.dlink.com/
GitHub Security Advisories
GHSA-fwg7-xgp7-84j9
A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function...
https://github.com/advisories/GHSA-fwg7-xgp7-84j9A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-4555
github.com
https://github.com/Litengzheng/vul_db/blob/main/Dir513/vul_24/README.md
vuldb.com
https://vuldb.com/?ctiid.352382
vuldb.com
https://vuldb.com/?id.352382
vuldb.com
https://vuldb.com/?submit.774936
dlink.com
https://www.dlink.com
github.com
https://github.com/advisories/GHSA-fwg7-xgp7-84j9
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-4555Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-4555",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-03-22T16:51:22.507Z",
"dateReserved": "2026-03-21T17:01:53.514Z",
"datePublished": "2026-03-22T16:51:22.507Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-03-22T16:51:22.507Z"
},
"title": "D-Link DIR-513 boa formEasySetTimezone memory corruption",
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"affected": [
{
"vendor": "D-Link",
"product": "DIR-513",
"modules": [
"boa"
],
"versions": [
{
"version": "1.10",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Stack-based Buffer Overflow",
"cweId": "CWE-121",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Memory Corruption",
"cweId": "CWE-119",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.352382",
"name": "VDB-352382 | D-Link DIR-513 boa formEasySetTimezone memory corruption",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.352382",
"name": "VDB-352382 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.774936",
"name": "Submit #774936 | D-Link DIR-513 1.10 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/Litengzheng/vul_db/blob/main/Dir513/vul_24/README.md",
"tags": [
"exploit"
]
},
{
"url": "https://www.dlink.com/",
"tags": [
"product"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"baseScore": 9
}
}
],
"timeline": [
{
"time": "2026-03-21T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-03-21T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-03-21T18:07:09.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "LtzHust2 (VulDB User)",
"type": "reporter"
}
],
"tags": [
"unsupported-when-assigned"
]
}
}
}