CVE-2026-2928
Published: 22 February 2026
Summary
CVE-2026-2928 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dwr-M960 Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-2928 is a stack-based buffer overflow vulnerability affecting the D-Link DWR-M960 router on firmware version 1.01.07. The flaw exists in the sub_452CCC function of the /boafrm/formWlEncrypt file within the WLAN Encryption Configuration Endpoint component, triggered by manipulation of the submit-url argument.
The vulnerability enables remote exploitation by attackers with low privileges, requiring low attack complexity and no user interaction. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, as reflected in its CVSS 3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It is associated with CWEs-119 and CWE-121, and a public exploit is available for use.
Advisories and additional details are documented in references including VulDB entries at https://vuldb.com/?ctiid.347275, https://vuldb.com/?id.347275, and https://vuldb.com/?submit.754500, a GitHub issue at https://github.com/LX-66-LX/cve-new/issues/23, and the D-Link website at https://www.dlink.com/. The vulnerability was published on 2026-02-22.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7699
Vulnerability details
A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_452CCC of the file /boafrm/formWlEncrypt of the component WLAN Encryption Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be…
more
launched remotely. The exploit has been made public and could be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in public-facing web endpoint (/boafrm/formWlEncrypt) allows remote authenticated low-priv attackers to achieve RCE with high C/I/A impact, directly enabling exploitation of public-facing applications (T1190) and privilege escalation via software vulnerability (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents stack-based buffer overflows by validating the manipulated submit-url argument in the WLAN encryption endpoint.
Implements memory protections like stack canaries and non-executable stacks to block unauthorized code execution from the buffer overflow exploit.
Requires identification, reporting, and correction of the specific buffer overflow flaw in the D-Link router firmware.