Impact
A stack‑based buffer overflow exists in the VPN Configuration Endpoint function of the D-Link DWR‑M960 firmware. The flaw is triggered by manipulating the submit‑url argument, allowing an attacker to overflow the stack and potentially execute arbitrary code on the device. The vulnerability is a classic stack corruption, as indicated by CWE‑119 and CWE‑121.
Affected Systems
The known affected system is the D‑Link DWR‑M960 router running firmware version 1.01.07. No statements about other firmware revisions are confirmed.
Risk and Exploitability
The CVSS score of 8.7 indicates high severity, and the EPSS score of 3% reflects a low probability of exploitation observed at the time of analysis. The attack can be carried out remotely via the affected endpoint, and the vulnerability has been publicly disclosed, suggesting the potential for real‑world exploitation. If exploited, an attacker could gain full control over the device, compromising confidentiality, integrity, and availability of the network.
OpenCVE Enrichment