D-Link DIR-513 Path Traversal Vulnerability in Authentication Code Handling
Vulnerability
A critical path traversal vulnerability has been identified in the D-Link DIR-513 router, specifically in version 1.10. The issue arises in the '/goform/formLogin' endpoint, where POST requests related to verification codes are processed. The vulnerability is caused by improper filtering of the 'FILECODE' parameter, which allows attackers to traverse directories and potentially access restricted files.
Impact
Exploitation of this vulnerability allows for path traversal, enabling attackers to access files outside the intended directory.
Reproduction
To reproduce this vulnerability, send a POST request to '/goform/formLogin' with a crafted 'curTime' parameter that includes directory traversal sequences. The 'FILECODE' parameter should be left empty. This will trigger the vulnerability by exploiting the lack of proper input validation, allowing for unauthorized file access.
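For defenders who front the device with a proxy or review its request logs, the following added example (not part of the original advisory and not D-Link code) flags formLogin POSTs whose 'FILECODE' or 'curTime' values contain traversal after percent-decoding. The function names, the (method, path, body) input shape and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote

ENDPOINT = "/goform/formLogin"      # endpoint named in the advisory
WATCHED = ("FILECODE", "curTime")   # parameters named in the advisory


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded separators are exposed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(value):
    """True if the decoded value is absolute or has a '..' path segment."""
    decoded = fully_decode(value).replace("\\", "/")
    return decoded.startswith("/") or ".." in decoded.split("/")


def flag_request(method, path, body):
    """Return the watched parameters of a formLogin POST that carry traversal."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return []
    params = parse_qsl(body, keep_blank_values=True)  # decodes one layer
    return sorted({n for n, v in params if n in WATCHED and has_traversal(v)})


# Constructed sample requests (method, path, form body); not captured traffic.
SAMPLES = [
    ("POST", ENDPOINT, "curTime=1700000000&FILECODE="),
    ("POST", ENDPOINT, "curTime=..%2F..%2Ftmp%2Fx&FILECODE="),
    ("POST", ENDPOINT, "curTime=%252e%252e%252fx&FILECODE=abc"),
    ("POST", ENDPOINT, "curTime=1700000000&FILECODE=..\\..\\x"),
    ("GET", ENDPOINT, "curTime=../x"),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, body, "->", flag_request(method, path, body) or "clean")
```

The check compares whole path segments, so a value that merely contains dots is not flagged, while encoded and backslash-separated forms are.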
