CVE-2026-2958
Published: 23 February 2026
Summary
CVE-2026-2958 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dwr-M960 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 4.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely flaw remediation through firmware patching directly eliminates the stack-based buffer overflow in sub_457C5C of /boafrm/formWsc exploited via the save_apply argument.
Information input validation mechanisms at the /boafrm/formWsc endpoint prevent manipulation of the save_apply argument from causing the stack buffer overflow.
Memory protection safeguards such as stack canaries or non-executable stacks mitigate arbitrary code execution from the stack-based buffer overflow in sub_457C5C.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote stack buffer overflow in the router web interface (formWsc/save_apply) allows authenticated low-privilege users to achieve arbitrary code execution, directly enabling exploitation of a public-facing application (T1190) and privilege escalation on the device (T1068).
NVD Description
A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been…
more
disclosed publicly and may be used.
Deeper analysisAI
CVE-2026-2958 is a stack-based buffer overflow vulnerability affecting the D-Link DWR-M960 router on firmware version 1.01.07. The flaw resides in the function sub_457C5C within the file /boafrm/formWsc, where manipulation of the save_apply argument triggers the overflow. Published on 2026-02-23, it is associated with CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with low privileges can exploit this vulnerability remotely without user interaction. Network access to the affected component suffices, enabling manipulation of the save_apply argument to overflow the stack. Successful exploitation could result in high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the device.
Advisories referenced in VulDB entries (ctiid.347325, id.347325, submit.754509) and a GitHub issue (LX-66-LX/cve-new/issues/25) document the vulnerability details, with the exploit publicly disclosed and available for use. The D-Link website provides general support resources; practitioners should check vendor advisories for firmware patches or workarounds.
The public disclosure of the exploit increases the risk of active exploitation against unpatched D-Link DWR-M960 devices.
Details
- CWE(s)