{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2961", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-22T07:19:26.067Z", "datePublished": "2026-02-23T00:02:17.186Z", "dateUpdated": "2026-02-23T19:14:25.184Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T00:02:17.186Z"}, "title": "D-Link DWR-M960 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "D-Link", "product": "DWR-M960", "versions": [{"version": "1.01.07", "status": "affected"}], "modules": ["VPN Configuration Endpoint"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-22T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-22T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-22T08:24:38.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "LX-66-LX (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.347328", "name": "VDB-347328 | D-Link DWR-M960 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347328", "name": "VDB-347328 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.754513", "name": "Submit #754513 | D-Link DWR-M960 V1.01.07 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LX-66-LX/cve-new/issues/28", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-23T19:14:06.456354Z", "id": "CVE-2026-2961", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T19:14:25.184Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2961", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-23T19:14:06.456354Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T19:14:17.496Z"}}], "cna": {"title": "D-Link DWR-M960 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "LX-66-LX (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "D-Link", "modules": ["VPN Configuration Endpoint"], "product": "DWR-M960", "versions": [{"status": "affected", "version": "1.01.07"}]}], "timeline": [{"lang": "en", "time": "2026-02-22T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-22T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-22T08:24:38.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.347328", "name": "VDB-347328 | D-Link DWR-M960 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347328", "name": "VDB-347328 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.754513", "name": "Submit #754513 | D-Link DWR-M960 V1.01.07 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LX-66-LX/cve-new/issues/28", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T00:02:17.186Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2961", "state": "PUBLISHED", "dateUpdated": "2026-02-23T19:14:25.184Z", "dateReserved": "2026-02-22T07:19:26.067Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-23T00:02:17.186Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dwr-m960_firmware:1.01.07:*:*:*:*:*:*:*", "matchCriteriaId": "618C664D-2A29-41B1-A234-6486FAD5CC55", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dwr-m960:b1:*:*:*:*:*:*:*", "matchCriteriaId": "C630A0A9-0D58-4499-927C-BE91D0490987", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Ha sido encontrada una vulnerabilidad en D-Link DWR-M960 1.01.07 que afecta a la funci\u00f3n sub_4196C4 del archivo /boafrm/formVpnConfigSetup del componente VPN Configuration Endpoint. Manipular el argumento submit-url provoca un desbordamiento de b\u00fafer basado en pila. Es posible lanzar el ataque en remoto. El exploit ha sido publicado y puede que se utilice."}], "id": "CVE-2026-2961", "lastModified": "2026-02-23T19:23:59.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-23T01:16:17.720", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/LX-66-LX/cve-new/issues/28"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.347328"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.347328"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.754513"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.dlink.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.01.07"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "dwr-m960", "vendor": "d-link"}], "analysis": {"en": {"generated_at": "2026-04-17T16:26:44.674837+00:00", "value": {"mitigation_remediation": ["Upgrade the D\u2011Link DWR\u2011M960 firmware to the latest version supplied by the vendor, which includes a fix for the stack buffer overflow in the VPN Configuration Endpoint.", "If a firmware update cannot be applied immediately, restrict access to the /boafrm/formVpnConfigSetup endpoint by limiting it to the local network or trusted subnet and blocking remote traffic using firewall rules.", "Deploy input validation or sanitization controls on the submit\u2011url parameter, ensuring it is properly length\u2011checked and encoded, to mitigate the overflow until a patch is applied."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The issue affects the D-Link DWR\u2011M960 router with firmware version 1.01.07. Only this specific firmware revision is known to contain the unpatched buffer overflow; newer or older firmware might not be vulnerable, but the current version must be updated to a patched release.", "description_and_impact": "A stack-based buffer overflow exists in the VPN Configuration Endpoint function sub_4196C4 within the D-Link DWR\u2011M960 firmware. The flaw is triggered by manipulating the submit\u2011url argument, allowing an attacker to overflow the stack and potentially execute arbitrary code on the device. The description states the attack can be carried out remotely and the vulnerability has been publicly disclosed with the potential for exploitation. The vulnerability is a classic stack corruption as indicated by CWE\u2011119 and CWE\u2011121.", "risk_and_exploitability": "The CVSS score of 8.7 reflects high severity, and the EPSS score of less than 1% indicates a very low but non\u2011zero probability of exploitation observed at the time of analysis. The intrusion is possible over the network, implying remote attackers can trigger the overflow. Although the vulnerability is not listed in the CISA KEV catalog, its nature and the public disclosure suggest a real, though low\u2011frequency, risk. If exploited, the attacker would gain full control over the device, compromising confidentiality, integrity, and availability of the network."}}}}, "created": "2026-02-23T14:28:33.210950+00:00", "updated": "2026-04-17T16:30:05.836510+00:00", "vendors": ["d-link", "d-link$PRODUCT$dwr-m960"]}