CVE-2026-4183
Published: 16 March 2026
Summary
CVE-2026-4183 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in D-Link DIR-816 firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 49.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SC-7 (Boundary Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
- SA-22 (Unsupported System Components): Mandates replacement or retirement of unsupported, end-of-life system components such as the D-Link DIR-816 router, directly eliminating exposure to this unpatchable vulnerability.
- Input validation: Prevents stack-based buffer overflows by enforcing validation of critical inputs such as the pskValue argument in the vulnerable CGI script.
- SC-7 (Boundary Protection): Blocks remote unauthenticated network access to the goahead web server component hosting the vulnerable /goform/form2WlanBasicSetup.cgi endpoint.
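Where the vulnerable endpoint cannot be patched, the practical defensive move is to watch the traffic that reaches it. The script below is an added example, not D-Link's code or anything from the advisory: it parses a constructed request export (the "timestamp client method target body" line format is an assumption about a reverse proxy or IDS placed in front of the router) and flags any request to /goform/form2WlanBasicSetup.cgi whose pskValue, after URL decoding, is longer than any valid WPA pre-shared key (8 to 63 printable characters or exactly 64 hex digits). A request that meets that condition cannot be a legitimate configuration change, whatever the surrounding bytes look like, so the rule needs no exploit signature.

```python
"""Added example: flag requests to the DIR-816 WLAN setup CGI whose pskValue
is longer than any valid WPA pre-shared key. The log format and the sample
lines are constructed for illustration; this is not D-Link or goahead code."""
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the advisory.
ENDPOINT = "/goform/form2WlanBasicSetup.cgi"
PARAM = "pskValue"
# A WPA/WPA2 PSK is 8-63 printable ASCII characters or exactly 64 hex digits,
# so no legitimate pskValue exceeds 64 characters.
MAX_PSK_LEN = 64

# Constructed export from an assumed reverse proxy / IDS in front of the router:
#   <timestamp> <client_ip> <method> <path[?query]> <form-body or "-">
SAMPLE_LOG = [
    "2026-03-16T10:00:01Z 192.0.2.10 POST /goform/form2WlanBasicSetup.cgi ssid=Home&pskValue=correct-horse-battery",
    "2026-03-16T10:00:05Z 192.0.2.10 POST /goform/form2WlanBasicSetup.cgi pskValue=" + "ab12" * 16,
    "2026-03-16T10:01:12Z 198.51.100.7 POST /goform/form2WlanBasicSetup.cgi pskValue=" + "A" * 300,
    "2026-03-16T10:01:13Z 198.51.100.7 GET /goform/form2WlanBasicSetup.cgi?pskValue=" + "%41" * 200 + " -",
    "2026-03-16T10:02:00Z 192.0.2.11 GET /index.htm -",
]


def parse_line(line):
    """Split one constructed log line into its fields; returns None if malformed."""
    parts = line.split(" ", 4)
    if len(parts) != 5:
        return None
    ts, client, method, target, body = parts
    url = urlsplit(target)
    # parse_qs percent-decodes values, so encoded padding is measured at its real length.
    params = parse_qs(url.query, keep_blank_values=True)
    if body != "-":
        # Merge form-body parameters; a POST body is where the CGI expects pskValue.
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    return {"ts": ts, "client": client, "method": method,
            "path": url.path, "params": params}


def oversized_psk(entry):
    """Return the decoded pskValue length if it exceeds MAX_PSK_LEN, else 0."""
    if entry is None or entry["path"] != ENDPOINT:
        return 0
    longest = max((len(v) for v in entry["params"].get(PARAM, [])), default=0)
    return longest if longest > MAX_PSK_LEN else 0


def find_suspicious(lines):
    """Return (timestamp, client, length) for each request with an oversized pskValue."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        length = oversized_psk(entry)
        if length:
            hits.append((entry["ts"], entry["client"], length))
    return hits


if __name__ == "__main__":
    for ts, client, length in find_suspicious(SAMPLE_LOG):
        print(f"{ts} {client} sent {PARAM} of {length} bytes to {ENDPOINT}")
```

The 64-character sample on the second line is a legitimate hex PSK and is deliberately not flagged; only the two requests from 198.51.100.7 trip the rule. In practice the same check belongs in whatever device sits at the boundary (SC-7), since the router itself offers no place to add it.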
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The vulnerability is a remotely exploitable buffer overflow in the public-facing web interface (CGI script) of a router's goahead web server, directly enabling arbitrary code execution via T1190: Exploit Public-Facing Application.
NVD Description
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysis (AI)
CVE-2026-4183 is a stack-based buffer overflow vulnerability (CWE-119, CWE-121, CWE-787) affecting the D-Link DIR-816 router on firmware version 1.10CNB05. The flaw exists in an unknown function of the file /goform/form2WlanBasicSetup.cgi within the goahead web server component, where manipulation of the pskValue argument triggers the overflow. Published on 2026-03-16, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.
Any remote unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation allows arbitrary code execution, potentially granting full control over the device, including data exfiltration, modification of configurations, or denial of service.
VulDB advisories and a GitHub disclosure detail the vulnerability, confirming public availability of an exploit. The affected products are no longer supported by D-Link, so no patches or firmware updates are available; mitigation relies on isolating exposed devices, restricting network access, or decommissioning them. The general D-Link website provides no specific guidance for this issue.
Details
- CWE(s)