CVE-2026-2882
Published: 21 February 2026
Summary
CVE-2026-2882 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in D-Link DWR-M960 firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 14.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
Directly remediates the stack-based buffer overflow in sub_46385C of /boafrm/formDosCfg by applying vendor firmware patches or updates.
Enforces validation of the submit-url argument to restrict operations within memory bounds and prevent the buffer overflow.
Deploys memory safeguards like stack canaries, ASLR, and DEP to protect against remote exploitation of the stack-based buffer overflow.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Stack-based buffer overflow in the router's web management form handler (/boafrm/formDosCfg) is a remotely exploitable flaw in an internet-facing application. Low-privilege authenticated network access is sufficient to trigger arbitrary code execution and full device compromise, directly mapping to T1190.
NVD Description
A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Deeper analysis (AI)
CVE-2026-2882 is a stack-based buffer overflow vulnerability affecting the D-Link DWR-M960 router on firmware version 1.01.07. The issue is located in the function sub_46385C within the file /boafrm/formDosCfg, where manipulation of the submit-url argument triggers the overflow. Published on 2026-02-21, it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
Attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction, provided they possess low privileges (PR:L). The CVSS v3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates high impacts on confidentiality, integrity, and availability, enabling potential full compromise of the affected device.
Advisories on VulDB and a GitHub issue (LX-66-LX/cve-new/issues/16) document the vulnerability and note that a public exploit exists which could be used. The D-Link website is referenced for further details, though specific patch information is not detailed in available sources.
Details
- CWE(s)