Skip to main content

Dwr M960 Firmware CVE-2026-2885

HIGH
Buffer Overflow (CWE-119)
2026-02-21 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:04 vuln.today
PoC Detected
Feb 23, 2026 - 19:37 vuln.today
Public exploit code
CVE Published
Feb 21, 2026 - 21:16 nvd
HIGH 8.8

DescriptionCVE.org

A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

AnalysisAI

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware allows remote authenticated attackers to achieve complete system compromise through crafted input to the IPv6 setup function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

Technical ContextAI

Classified as CWE-119 (Buffer Overflow). Affects Dwr-M960 Firmware. A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.

CVE-2026-2962 HIGH POC
8.8 Feb 23

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware's scheduled reboot configuration endpoint allows authent

CVE-2026-2961 HIGH POC
8.8 Feb 23

Remote code execution in D-Link DWR-M960 firmware through a stack buffer overflow in the VPN configuration endpoint allo

CVE-2026-2960 HIGH POC
8.8 Feb 23

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to execute

CVE-2026-2959 HIGH POC
8.8 Feb 23

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) allows authenticated attackers to achieve remo

CVE-2026-2958 HIGH POC
8.8 Feb 23

Remote code execution in D-Link DWR-M960 firmware 1.01.07 via stack-based buffer overflow in the /boafrm/formWsc endpoin

CVE-2026-2929 HIGH POC
8.8 Feb 22

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve

CVE-2026-2927 HIGH POC
8.8 Feb 22

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to

CVE-2026-2926 HIGH POC
8.8 Feb 22

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to

CVE-2026-2925 HIGH POC
8.8 Feb 22

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to

CVE-2026-2884 HIGH POC
8.8 Feb 21

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to

CVE-2026-2882 HIGH POC
8.8 Feb 21

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to

CVE-2026-2881 HIGH POC
8.8 Feb 21

Remote code execution in D-Link DWR-M960 firmware through stack-based buffer overflow in the Advanced Firewall Configura

Share

CVE-2026-2885 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy