Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
D-Link DWR-M960 Router WAN Interface Setting Handler Code Execution
CVE-2026-2884
Summary
A security flaw in the D-Link DWR-M960 router's WAN interface setting handler allows a remote attacker to execute code on the device. This could potentially allow an attacker to take control of the router or use it to attack other devices on the network. If you use a DWR-M960, it's recommended to update the firmware to the latest version to protect against this vulnerability.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| dlink | dwr-m960_firmware | 1.01.07 | – |
Original title
A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The...
Original description
A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
- https://github.com/LX-66-LX/cve-new/issues/18 Exploit Issue Tracking Third Party Advisory
- https://vuldb.com/?ctiid.347178 Permissions Required VDB Entry
- https://vuldb.com/?id.347178 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.754493 Third Party Advisory VDB Entry
- https://www.dlink.com/ Product
Published: 21 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026