CVE-2026-2929

8.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in D-Link DWR-M960 routers allows remote attackers to execute arbitrary code by manipulating the submit-url parameter in the Wireless Access Control endpoint. This affects D-Link DWR-M960 routers running firmware version 1.01.07. Remote exploitation is possible without authentication.

💻 Affected Systems

Products:
  • D-Link DWR-M960
Versions: 1.01.07
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Wireless Access Control endpoint specifically. All devices running the vulnerable firmware version are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, network infiltration, data exfiltration, and persistent backdoor installation.

🟠 Likely Case

Remote code execution allowing attackers to gain control of the router, modify network settings, intercept traffic, or use it as a pivot point for further attacks.

🟢 If Mitigated

Denial of service or limited impact if proper network segmentation and access controls prevent exploitation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication on internet-facing devices.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but requires attacker presence on the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed on GitHub, making weaponization likely. The vulnerability is in a web interface component accessible remotely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.dlink.com/

Restart Required: Yes

Instructions:

1. Check the D-Link website for firmware updates.
2. Download the latest firmware for the DWR-M960.
3. Log into the router admin interface.
4. Navigate to the firmware update section.
5. Upload and apply the new firmware.
6. Reboot the router after the update completes.

🔧 Temporary Workarounds

Disable Wireless Access Control Interface

all

Disable or restrict access to the vulnerable endpoint if not needed

Network Segmentation

all

Isolate affected routers from critical networks and internet exposure

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure to the router's web interface
  • Deploy network-based intrusion prevention systems (IPS) to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. Navigate to System > Firmware Information and verify version is 1.01.07.

Check Version:

No CLI command is available. Use the web interface at http://[router-ip]/boafrm/formWlAc (but do not test exploitation).

Verify Fix Applied:

After updating, verify firmware version shows a version higher than 1.01.07 in the admin interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /boafrm/formWlAc with long submit-url parameters
  • Router crash or reboot logs
  • Unusual process execution in router logs

Network Indicators:

  • HTTP requests with abnormally long submit-url parameters to router IP
  • Traffic patterns suggesting router compromise (unexpected outbound connections)

SIEM Query:

source="router_logs" AND ((uri="/boafrm/formWlAc" AND content_length>1000) OR (event="crash" AND device="DWR-M960"))
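
The log and network indicators above can also be checked offline against captured HTTP request records. The following is an added example, not code from D-Link or from this advisory: the 1000-byte limit comes from the SIEM query, while the 256-character submit-url limit, the record layout and the sample records are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

ENDPOINT = "/boafrm/formWlAc"   # endpoint named in the advisory
MAX_CONTENT_LENGTH = 1000       # threshold taken from the advisory's SIEM query
MAX_SUBMIT_URL = 256            # assumption: tune to your own baseline of normal traffic


def inspect_request(method, path, body):
    """Return the list of advisory indicators that this request matches."""
    reasons = []
    # Only POSTs to the Wireless Access Control endpoint are of interest.
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return reasons
    # For ASCII form bodies the string length equals the Content-Length.
    if len(body) > MAX_CONTENT_LENGTH:
        reasons.append(f"content_length={len(body)}")
    # parse_qs decodes percent-encoding in names and values, so an encoded
    # parameter name such as submit%2Durl is still matched, and a parameter
    # repeated several times has every occurrence checked.
    fields = parse_qs(body, keep_blank_values=True)
    for value in fields.get("submit-url", []):
        if len(value) > MAX_SUBMIT_URL:
            reasons.append(f"submit-url length={len(value)}")
    return reasons


def scan(records):
    """Yield (source_ip, reasons) for each record that trips an indicator."""
    for src, method, path, body in records:
        reasons = inspect_request(method, path, body)
        if reasons:
            yield src, reasons


# Constructed sample records (source IP, method, path, form body); not real traffic.
SAMPLE = [
    ("192.0.2.10", "POST", "/boafrm/formWlAc", "enabled=1&submit-url=%2Findex.htm"),
    ("198.51.100.7", "POST", "/boafrm/formWlAc", "submit-url=" + "x" * 1200),
    ("198.51.100.7", "POST", "/boafrm/formWlAc", "submit%2Durl=" + "x" * 300),
    ("192.0.2.10", "GET", "/boafrm/formWlAc", ""),
]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE):
        print(src, "; ".join(reasons))
```

The third sample record stays under the 1000-byte content-length threshold and is caught only by the per-parameter check, which is why measuring the decoded submit-url value is worth doing alongside the SIEM query.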
