{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5979/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-5979"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["dlink","router","buffer_overflow","cve-2026-5979"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA buffer overflow vulnerability, CVE-2026-5979, has been identified in the D-Link DIR-605L router with firmware version 2.13B01. The vulnerability resides in the \u003ccode\u003eformVirtualServ\u003c/code\u003e function within the \u003ccode\u003e/goform/formVirtualServ\u003c/code\u003e component, specifically within the POST request handler. By manipulating the \u003ccode\u003ecurTime\u003c/code\u003e argument, a remote attacker can trigger a buffer overflow. According to the NVD, an exploit is publicly available, increasing the risk of exploitation. 
This vulnerability affects end-of-life products, making patching impossible.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable D-Link DIR-605L router running firmware 2.13B01.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP POST request targeting the \u003ccode\u003e/goform/formVirtualServ\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe POST request includes the \u003ccode\u003ecurTime\u003c/code\u003e argument with a value exceeding the buffer\u0026rsquo;s capacity.\u003c/li\u003e\n\u003cli\u003eThe router\u0026rsquo;s \u003ccode\u003eformVirtualServ\u003c/code\u003e function processes the POST request without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eThe oversized \u003ccode\u003ecurTime\u003c/code\u003e value overwrites adjacent memory regions on the stack or heap.\u003c/li\u003e\n\u003cli\u003eThe attacker carefully crafts the overflow payload to overwrite the return address.\u003c/li\u003e\n\u003cli\u003eUpon returning from the \u003ccode\u003eformVirtualServ\u003c/code\u003e function, control is transferred to the attacker-controlled address.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary code on the router, potentially gaining full control.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this buffer overflow vulnerability (CVE-2026-5979) can lead to complete compromise of the D-Link DIR-605L router. Attackers could potentially execute arbitrary code, enabling them to modify router settings, intercept network traffic, or use the compromised device as a pivot point for further attacks within the network. Due to the product being end-of-life, a patch is not available. 
The number of vulnerable devices is unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor webserver logs for requests to \u003ccode\u003e/goform/formVirtualServ\u003c/code\u003e with unusually long \u003ccode\u003ecurTime\u003c/code\u003e parameters to detect potential exploitation attempts (see Sigma rule \u0026ldquo;Detect Suspiciously Long curTime Parameter in D-Link Routers\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eImplement network intrusion detection system (IDS) rules to detect suspicious traffic patterns associated with buffer overflow exploits targeting web interfaces.\u003c/li\u003e\n\u003cli\u003eSince this device is end-of-life, consider replacing the D-Link DIR-605L router with a supported model to mitigate the risk, as there will be no patches issued.\u003c/li\u003e\n\u003cli\u003eExamine network traffic for unusual outbound connections originating from D-Link DIR-605L routers to identify potentially compromised devices (see Sigma rule \u0026ldquo;Detect Outbound Connections from D-Link Routers\u0026rdquo;).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T21:16:13Z","date_published":"2026-04-09T21:16:13Z","id":"/briefs/2026-04-dlink-dir605l-bo/","summary":"A remote buffer overflow vulnerability exists in the D-Link DIR-605L version 2.13B01 due to improper handling of the 'curTime' argument in the '/goform/formVirtualServ' POST request handler, potentially allowing attackers to execute arbitrary code.","title":"D-Link DIR-605L Router Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-dlink-dir605l-bo/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-5979","version":"https://jsonfeed.org/version/1.1"}