Cyber Resilience

CVE-2026-4184

HighPublic PoC

Published: 16 March 2026

Published
16 March 2026
Modified
19 March 2026
KEV Added
Patch
CVSS Score v4 8.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0118 63.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-4184 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-816 Firmware. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 36.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-4184 is a stack-based buffer overflow vulnerability affecting the D-Link DIR-816 router on firmware version 1.10CNB05. The flaw exists in an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi within the goahead component, where manipulation of the pskValue argument triggers the overflow. Published on 2026-03-16, it is associated with CWEs-119, CWE-121, and CWE-787, and carries a CVSS v3.1 base score of 9.8.

The vulnerability enables remote exploitation over the network with low complexity, requiring no privileges, authentication, or user interaction (AV:N/AC:L/PR:N/UI:N). Successful attacks can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing full device compromise such as arbitrary code execution. An exploit is publicly available and may be used against vulnerable instances.

Advisories note that this vulnerability only affects products no longer supported by the maintainer, with no patches available. Relevant references include VulDB entries detailing the issue (vuldb.com/?ctiid.351088, vuldb.com/?id.351088, vuldb.com/?submit.769832), a GitHub repository with exploit information (github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_88/88.md), and the D-Link website (dlink.com). Mitigation requires isolating or retiring affected devices.

EU & UK References

Vulnerability details

A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possible…

more

to be carried out remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in public-facing web CGI (/goform/form2Wl5BasicSetup.cgi) on D-Link router enables remote unauthenticated arbitrary code execution, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-4182Same product: Dlink Dir-816
CVE-2026-4181Same product: Dlink Dir-816
CVE-2026-4183Same product: Dlink Dir-816
CVE-2026-4180Same product: Dlink Dir-816
CVE-2026-8346Same product: Dlink Dir-816
CVE-2024-57684Same product: Dlink Dir-816
CVE-2025-60679Same product: Dlink Dir-816
CVE-2026-8345Same product: Dlink Dir-816
CVE-2026-8344Same product: Dlink Dir-816
CVE-2026-5212Same vendor: Dlink

Affected Assets

dlink
dir-816 firmware
1.10cnb05

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Prohibits the use of end-of-support products like the EOL D-Link DIR-816, directly mitigating exposure to unpatchable vulnerabilities such as CVE-2026-4184.

prevent

Requires validation of inputs like the pskValue argument to prevent stack-based buffer overflows in the vulnerable /goform/form2Wl5BasicSetup.cgi endpoint.

prevent

Implements memory protections to mitigate arbitrary code execution from stack-based buffer overflows even if invalid inputs reach the goahead component.

References