Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
D-Link DWR-M960 exposes data to malicious websites
CVE-2026-2857
Summary
The Port Forwarding Configuration Endpoint in D-Link DWR-M960 has a security flaw that could allow hackers to access your router's settings if you visit a malicious website. This is a serious issue because it lets attackers take control of your router's settings. To protect yourself, update your router's firmware to the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| dlink | dwr-m960_firmware | 1.01.07 | – |
Original title
A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. ...
Original description
A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
- https://github.com/LX-66-LX/cve-new/issues/14 Exploit Issue Tracking Third Party Advisory
- https://vuldb.com/?ctiid.347096 Permissions Required VDB Entry
- https://vuldb.com/?id.347096 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.754476 Third Party Advisory VDB Entry
- https://www.dlink.com/ Product
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026