Skip to main content

Dir 816 CVE-2026-4184

| EUVDEUVD-2026-12239 CRITICAL
Stack-based Buffer Overflow (CWE-121)
2026-03-15 VulDB
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
PoC Detected
Mar 16, 2026 - 14:53 vuln.today
Public exploit code
EUVD ID Assigned
Mar 15, 2026 - 18:00 euvd
EUVD-2026-12239
Analysis Generated
Mar 15, 2026 - 18:00 vuln.today
CVE Published
Mar 15, 2026 - 17:32 nvd
CRITICAL 9.8

DescriptionCVE.org

A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available on GitHub, making this vulnerability actively exploitable. However, D-Link no longer supports this product, meaning no patch will be released.

Technical ContextAI

The vulnerability exists in the goahead web server component, specifically in the /goform/form2Wl5BasicSetup.cgi file that handles wireless configuration settings. The flaw (CWE-121: Stack-based Buffer Overflow) occurs when the 'pskValue' parameter is processed without proper bounds checking, allowing an attacker to overflow the stack buffer. Based on the CPE string (cpe:2.3:a:d-link:dir-816:*:*:*:*:*:*:*:*), all versions of the DIR-816 firmware may be affected, though only version 1.10CNB05 has been confirmed vulnerable.

RemediationAI

Since D-Link no longer supports the DIR-816 router, no official patch will be released. Organizations must immediately replace these devices with supported alternatives. As temporary mitigations: (1) Disable remote management if enabled, (2) Restrict access to the web interface using firewall rules to trusted IP addresses only, (3) Monitor for suspicious traffic to /goform/form2Wl5BasicSetup.cgi. The vendor's general security information can be found at https://www.dlink.com/, but no specific advisory exists for this EOL product.

Share

CVE-2026-4184 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy