This is a remotely exploitable stack-based buffer overflow vulnerability in end-of-life D-Link DIR-513 routers. Manipulation of the curTime argument to the formSetEmail function triggers the vulnerability, which can lead to arbitrary code execution. The product is no longer supported by D-Link, and public exploit code is available.
Remediation
Replace the unsupported D-Link DIR-513 device with a currently maintained, supported router as no security patch will be released for this vulnerability. If replacement is delayed, block all external access to the device's management interface. Audit network traffic for unauthorized activity related to the device.
Exploit info
The exploit has been released to the public; public references are available at https://app.opencve.io/cve/CVE-2026-5024 or https://vulners.com/cve/CVE-2026-5024. | Potential exploit details can be searched in Exploit-DB or GitHub: https://www.exploit-db.com/search?cve=CVE-2026-5024 | https://github.com/search?q=CVE-2026-5024+exploit
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.