CVE-2026-4182
Published: 16 March 2026
Summary
CVE-2026-4182 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-816 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Prohibits use of unsupported system components like the end-of-life D-Link DIR-816 router, preventing deployment of devices with unpatchable vulnerabilities such as this buffer overflow.
Requires validation of untrusted inputs such as key1/key2/key3/key4/pskValue in the CGI script, directly preventing the stack-based buffer overflow triggered by malformed arguments.
Implements memory protection mechanisms like stack canaries and non-executable stacks to block exploitation of stack-based buffer overflows even if input validation fails.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote buffer overflow in public-facing router web server CGI script enables full device compromise via exploitation of public-facing application.
NVD Description
A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based buffer overflow. Remote exploitation of the attack is possible. The…
more
exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2026-4182 is a stack-based buffer overflow vulnerability affecting the D-Link DIR-816 router on firmware version 1.10CNB05. The flaw impacts an unknown function in the file /goform/form2Wl5RepeaterStep2.cgi within the goahead web server component. It is triggered by manipulation of the arguments key1, key2, key3, key4, and pskValue, as associated with CWE-119, CWE-121, and CWE-787.
Attackers can exploit this vulnerability remotely over the network without authentication or user interaction, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Any unauthenticated remote attacker with network access to the device can achieve high impacts on confidentiality, integrity, and availability, potentially leading to full compromise of the router.
Advisories note that this vulnerability only affects products no longer supported by the maintainer, with no patches available. VulDB entries (ctiid.351086, id.351086, submit.769830) and a GitHub repository (wudipjq/my_vuln) provide details on the issue, including a publicly available exploit. The D-Link website is referenced but offers no specific mitigation.
The public availability of the exploit heightens risks for any remaining deployments of the unsupported DIR-816 firmware.
Details
- CWE(s)