EUVD-2026-12235CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to achieve full system compromise without authentication. A public proof-of-concept exploit is available on GitHub, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all D-Link DIR-816 devices across the organization and isolate any identified units from production networks. Within 7 days: Either decommission affected devices or implement network-level mitigations (see compensating controls). …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today