CVE-2026-2926 | D-Link DWR-M960 1.01.07 LTE Configuration Endpoint /boafrm/formLteSetup sub_4237AC submit-url stack-based overflow

Inserito da Angelo Barbosa | Feb 21, 2026 | CVE

A vulnerability, which was classified as critical, was found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow.

This vulnerability is tracked as CVE-2026-2926. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-2926 | D-Link DWR-M960 1.01.07 LTE Configuration Endpoint /boafrm/formLteSetup sub_4237AC submit-url stack-based overflow

Post correlati

CVE-2025-5484 | SinoTrack IOT PC Platform 8.3 Device Management weak authentication (icsa-25-160-01)

CVE-2025-11974 | GitLab Community Edition/Enterprise Edition up to 18.3.4/18.4.2/18.5.0 API Endpoint allocation of resources (Patch 571761)

CVE-2025-53895 | Zitadel up to 2.70.13/2.71.12/3.3.0/4.0.0-rc.1 Session Management API authorization

CVE-2025-6247 | Automatic Plugin up to 3.118.0 on WordPress cross-site request forgery