CVE-2026-2958
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Analysis
Remote code execution in D-Link DWR-M960 firmware 1.01.07 via stack-based buffer overflow in the /boafrm/formWsc endpoint allows authenticated attackers to achieve full system compromise through manipulation of the save_apply parameter. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all D-Link DWR-M960 devices in production and isolate affected units from critical network segments. Within 7 days: Implement network-level mitigations including WAF rules to block /boafrm/formWsc requests and restrict WAN access to router management interfaces. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today