CVE-2026-2925
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
Analysis
Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve complete system compromise through manipulation of the submit-url parameter in the Bridge VLAN Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all D-Link DWR-M960 devices running firmware 1.01.07 and isolate affected units from critical network segments. Within 7 days: Implement network segmentation and WAF rules to restrict access to the /boafrm/formBridgeVlan endpoint, and disable Bridge VLAN configuration if not essential. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today