CVE-2026-2854 | D-Link DWR-M960 1.01.07 NTP Configuration Endpoint /boafrm/formNtp sub_4611CC submit-url stack-based overflow

Inserito da Angelo Barbosa | Feb 20, 2026 | CVE

A vulnerability was found in D-Link DWR-M960 1.01.07 and classified as critical. This impacts the function sub_4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow.

This vulnerability is tracked as CVE-2026-2854. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-2854 | D-Link DWR-M960 1.01.07 NTP Configuration Endpoint /boafrm/formNtp sub_4611CC submit-url stack-based overflow

Post correlati

CVE-2024-37371 | MIT Kerberos 5 up to 1.21.2 GSS Message Token Privilege Escalation

CVE-2024-43415 | decidim-ice decidim-module-decidim_awesome up to 0.10.2/0.11.1 sql injection (GHSA-cxwf-qc32-375f)

CVE-2024-54160 | LF Projects OpenSearch up to 2.18 dashboards-reporting cross site scripting

CVE-2024-39132 | DumpTS 0.1.0-nightly /src/DumpTS.cpp VerifyCommandLine null pointer dereference