CVE-2026-2855 in DWR-M960info

Summary

by MITRE • 02/20/2026

A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub_4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 02/23/2026

The vulnerability identified as CVE-2026-2855 represents a critical stack-based buffer overflow flaw within the D-Link DWR-M960 router firmware version 1.01.07. This issue resides in the DDNS Settings Handler component, specifically within the sub_4648F0 function located in the /boafrm/formDdns file. The vulnerability manifests when processing the submit-url argument, which is commonly used in web forms to specify where data should be submitted. The flaw allows attackers to manipulate this parameter in a manner that overflows the allocated stack buffer, potentially leading to arbitrary code execution or system compromise. Given that the attack can be initiated remotely, this vulnerability poses a significant risk to network security as it does not require physical access to the device.

The technical nature of this vulnerability aligns with CWE-121, which describes stack-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite adjacent memory locations. The attack vector is particularly concerning as it operates over network protocols, making it accessible to remote threat actors. The vulnerability's exploitation potential is enhanced by the fact that the exploit has been publicly disclosed, meaning malicious actors can readily implement attack techniques without requiring advanced reverse engineering skills. This public availability of exploitation methods significantly increases the risk surface for affected devices.

From an operational impact perspective, successful exploitation of this vulnerability could enable attackers to gain unauthorized access to the router's administrative interface, potentially leading to complete network compromise. Attackers might leverage this access to modify router configurations, install malicious firmware, redirect network traffic, or establish persistent backdoors. The DWR-M960 device, being a consumer-grade router, typically operates in home or small office environments where network security awareness may be limited. This creates an environment where such vulnerabilities can remain undetected for extended periods, allowing attackers to maintain persistent access and conduct reconnaissance activities.

Security mitigation strategies should prioritize immediate firmware updates from D-Link to address the identified buffer overflow condition. Network administrators should implement network segmentation and monitoring to detect anomalous traffic patterns that might indicate exploitation attempts. The implementation of web application firewalls and intrusion detection systems can help identify and block malicious requests targeting the vulnerable DDNS handler component. Additionally, organizations should conduct comprehensive vulnerability assessments to identify other potentially affected devices within their network infrastructure. The ATT&CK framework categorizes this vulnerability under T1071.004 for application layer protocol usage and T1059.001 for command and scripting interpreter, as exploitation would likely involve crafting malicious payloads and executing commands through the vulnerable interface. Regular security audits and network monitoring are essential to prevent exploitation and maintain overall network integrity.

Responsible

VulDB

Disclosure

02/20/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00620

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!