CVE-2025-47910: 
Linux openSUSE vulnerability analysis and mitigation

A critical vulnerability (CVE-2025-47910) was discovered in D-Link DIR-513 firmware version 1.10, affecting the sprintf function within the /goform/formSetWanNonLogin component of the Boa Webserver. The vulnerability was disclosed on July 20, 2025, and is particularly concerning as it affects products no longer supported by the maintainer (NVD).

The vulnerability involves a stack-based buffer overflow condition triggered by the manipulation of the curTime argument in the sprintf function. The vulnerability has received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and a CVSS v4.0 score of 7.4 (HIGH) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P (VulDB).

The vulnerability allows remote attackers to potentially achieve code execution through stack-based buffer overflow exploitation. The impact is particularly severe as it affects all three main security aspects: confidentiality, integrity, and availability, each rated as 'High' in the CVSS scoring (VulDB).

Since this vulnerability affects products that are no longer supported by the maintainer, there are no official patches available. Users of affected D-Link DIR-513 devices should consider upgrading to supported hardware and implementing network-level protections to minimize exposure (NVD).