CVE-2026-2882
Published: 21 February 2026
Summary
CVE-2026-2882 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dwr-M960 Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-2882 is a stack-based buffer overflow vulnerability affecting the D-Link DWR-M960 router on firmware version 1.01.07. The issue is located in the function sub_46385C within the file /boafrm/formDosCfg, where manipulation of the submit-url argument triggers the overflow. Published on 2026-02-21, it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
Attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction, provided they possess low privileges (PR:L). The CVSS v3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates high impacts on confidentiality, integrity, and availability, enabling potential full compromise of the affected device.
Advisories on VulDB and a GitHub issue (LX-66-LX/cve-new/issues/16) document the vulnerability and note that a public exploit exists which could be used. The D-Link website is referenced for further details, though specific patch information is not detailed in available sources.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7515
Vulnerability details
A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has…
more
been made public and could be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the router's web management form handler (/boafrm/formDosCfg) is a remotely exploitable flaw in an internet-facing application. Low-privilege authenticated network access is sufficient to trigger arbitrary code execution and full device compromise, directly mapping to T1190.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the stack-based buffer overflow in sub_46385C of /boafrm/formDosCfg by applying vendor firmware patches or updates.
Enforces validation of the submit-url argument to restrict operations within memory bounds and prevent the buffer overflow.
Deploys memory safeguards like stack canaries, ASLR, and DEP to protect against remote exploitation of the stack-based buffer overflow.