Description
A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-03-15
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a stack‑based buffer overflow in the /goform/form2Wl5BasicSetup.cgi CGI script of D‑Link DIR‑816 firmware 1.10CNB05. Manipulating the pskValue parameter causes memory corruption and can allow an attacker to execute arbitrary code on the router. The weakness corresponds to CWE‑119, CWE‑121, and CWE‑787. Because a malicious packet can be sent over the network, the impact is Remote Code Execution that could compromise the device’s configuration, traffic, or function.

Affected Systems

Affected systems are D‑Link routers model DIR‑816 running firmware version 1.10CNB05. No other firmware releases are listed as affected. The vulnerability is tied to the goahead component that is no longer supported by the vendor. The relevant CPE entries are cpe:2.3:h:dlink:dir-816:-:*:*:*:*:*:*:* and cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05:*:*:*:*:*:*:*.

Risk and Exploitability

The CVSS base score of 9.3 classifies the defect as Critical. The EPSS score is less than 1 %, indicating low current exploitation prevalence, but the vulnerability is publicly known and can be reached from outside the local network. Since it is not listed in the CISA KEV catalog, there is no immediate patch listed by CISA, however the high severity warrants prompt action. The attack requires remote access to the router’s web administration interface and the ability to send a crafted HTTP request containing a large pskValue payload.

Generated by OpenCVE AI on March 19, 2026 at 20:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the D‑Link support site for a newer firmware version that removes the vulnerable component and install it immediately.
  • If no updated firmware is available, restrict external access to the router’s web interface by placing the device behind a firewall or by disabling HTTP/HTTPS management from the WAN side through the router’s settings.
  • As an additional precaution, disable the Wi‑Fi SSID if not needed, disable UPnP, and monitor for unexpected traffic.
  • Verify the firmware version after update and confirm that vulnerabilities are patched.

Generated by OpenCVE AI on March 19, 2026 at 20:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-816
Dlink dir-816 Firmware
Weaknesses CWE-787
CPEs cpe:2.3:h:dlink:dir-816:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-816
Dlink dir-816 Firmware

Mon, 16 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-816
Vendors & Products D-link
D-link dir-816

Sun, 15 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Title D-Link DIR-816 goahead form2Wl5BasicSetup.cgi stack-based overflow
Weaknesses CWE-119
CWE-121
References
Metrics cvssV2_0

{'score': 10, 'vector': 'AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

D-link Dir-816
Dlink Dir-816 Dir-816 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-16T14:40:34.929Z

Reserved: 2026-03-14T21:57:08.435Z

Link: CVE-2026-4184

cve-icon Vulnrichment

Updated: 2026-03-16T14:36:42.840Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:19:59.473

Modified: 2026-03-19T19:20:44.813

Link: CVE-2026-4184

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T14:01:36Z

Weaknesses