What is the CVSS score of CVE-2026-4182?

CVE-2026-4182 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Dir 816 are affected by CVE-2026-4182?

A critical remote code execution vulnerability (CVSS 9.8) has been identified in D-Link DIR-816 wireless routers with public exploit code available.

Is there a public PoC exploit available for CVE-2026-4182?

Yes, a public proof-of-concept exploit is available for CVE-2026-4182. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-4182?

Within 24 hours: Inventory all D-Link DIR-816 devices across the organization and isolate any identified units from production networks. Within 7 days: Either decommission affected devices or implement network-level mitigations (see compensating controls). Within 30 days: Complete replacement with supported hardware and validate remediation through vulnerability scanning.

Dir 816 CVE-2026-4182

EUVD-2026-12235 CRITICAL

Stack-based Buffer Overflow (CWE-121)

2026-03-15 VulDB

Buffer Overflow D-Link Stack Overflow Dir 816

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

PoC Detected

Mar 16, 2026 - 14:53 vuln.today

Public exploit code

EUVD ID Assigned

Mar 15, 2026 - 17:00 euvd

EUVD-2026-12235

Analysis Generated

Mar 15, 2026 - 17:00 vuln.today

CVE Published

Mar 15, 2026 - 16:02 nvd

CRITICAL 9.8

DescriptionCVE.org

A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to achieve full system compromise without authentication. A public proof-of-concept exploit is available on GitHub, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Send crafted HTTP request to /goform/form2Wl5RepeaterStep2.cgi

Exploit

Inject oversized payload in key1/key2/key3/key4/pskValue parameters

Execution

Trigger stack buffer overflow in goahead parser

Impact

Execute arbitrary code with device privileges

Access

Send crafted HTTP request to /goform/form2Wl5RepeaterStep2.cgi

Exploit

Inject oversized payload in key1/key2/key3/key4/pskValue parameters

Execution

Trigger stack buffer overflow in goahead parser

Impact

Execute arbitrary code with device privileges

Vulnerability AssessmentAI

Exploitation	D-Link DIR-816 firmware version 1.10CNB05 with goahead web server enabled; remote unauthenticated access to HTTP interface on default port 80; no authentication required for /goform/form2Wl5RepeaterStep2.cgi endpoint. Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	This represents a critical real-world risk with multiple alarming indicators: CVSS 9.8 (Critical) with network-accessible attack vector (AV:N), low complexity (AC:L), and no authentication required (PR:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker can remotely exploit this vulnerability by sending specially crafted HTTP requests to the router's web interface at /goform/form2Wl5RepeaterStep2.cgi, providing oversized values for the key1-4 or pskValue parameters. This triggers a stack buffer overflow, allowing arbitrary code execution with router privileges. …
Remediation	As this affects end-of-life products with no vendor support, the only effective remediation is to replace affected DIR-816 routers with supported models. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all D-Link DIR-816 devices across the organization and isolate any identified units from production networks. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-4182 vulnerability details – vuln.today

Back

Dir 816 CVE-2026-4182

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code