Description
A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-02-23
Score: 8.7 High
EPSS: 3.4% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack‑based buffer overflow exists in the VPN Configuration Endpoint function of the D-Link DWR‑M960 firmware. The flaw is triggered by manipulating the submit‑url argument, allowing an attacker to overflow the stack and potentially execute arbitrary code on the device. The vulnerability is a classic stack corruption, as indicated by CWE‑119 and CWE‑121.

Affected Systems

The known affected system is the D‑Link DWR‑M960 router running firmware version 1.01.07. No statements about other firmware revisions are confirmed.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, and the EPSS score of 3% reflects a low probability of exploitation observed at the time of analysis. The attack can be carried out remotely via the affected endpoint, and the vulnerability has been publicly disclosed, suggesting the potential for real‑world exploitation. If exploited, an attacker could gain full control over the device, compromising confidentiality, integrity, and availability of the network.

Generated by OpenCVE AI on June 18, 2026 at 13:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the D-Link DWR‑M960 firmware to the latest version provided by the vendor, which includes a fix for the stack buffer overflow in the VPN Configuration Endpoint.
  • If a firmware update cannot be applied immediately, restrict access to the /boafrm/formVpnConfigSetup endpoint by limiting it to the local network or trusted subnet and blocking remote traffic using firewall rules.
  • Deploy input validation or sanitization controls on the submit‑url parameter, ensuring it is properly length‑checked and encoded, to mitigate the overflow until a patch is applied.

Generated by OpenCVE AI on June 18, 2026 at 13:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Feb 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dwr-m960
Dlink dwr-m960 Firmware
CPEs cpe:2.3:h:dlink:dwr-m960:b1:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-m960_firmware:1.01.07:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dwr-m960
Dlink dwr-m960 Firmware

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dwr-m960
Vendors & Products D-link
D-link dwr-m960

Mon, 23 Feb 2026 00:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Title D-Link DWR-M960 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 stack-based overflow
Weaknesses CWE-119
CWE-121
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


Subscriptions

D-link Dwr-m960
Dlink Dwr-m960 Dwr-m960 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T19:14:25.184Z

Reserved: 2026-02-22T07:19:26.067Z

Link: CVE-2026-2961

cve-icon Vulnrichment

Updated: 2026-02-23T19:14:17.496Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-23T01:16:17.720

Modified: 2026-06-17T10:32:07.303

Link: CVE-2026-2961

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T13:45:05Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-121

    Stack-based Buffer Overflow