CVE-2026-2961 | D-Link DWR-M960 1.01.07 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 submit-url stack-based overflow

Inserito da Angelo Barbosa | Feb 22, 2026 | CVE

A vulnerability, which was classified as critical, has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow.

This vulnerability is uniquely identified as CVE-2026-2961. The attack is possible to be carried out remotely. Moreover, an exploit is present.

CVE-2026-2961 | D-Link DWR-M960 1.01.07 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 submit-url stack-based overflow

Post correlati

CVE-2024-12225 | Red Hat Quarkus WebAuthn Module improper authentication

CVE-2024-45722 | Ruijie Reyee OS prior 2.320.x MQTT Credential weak credentials (icsa-24-338-01)

CVE-2024-47581 | SAP HCM S4GXX 101 Approve Timesheets authorization

CVE-2025-68181 | Linux Kernel up to 6.12.57/6.17.7 lib/refcount.c drm_put_dev use after free