📄 Description (English)
A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
🤖 AI Executive Summary
A critical stack-based buffer overflow vulnerability exists in D-Link DWR-M960 router firmware version 1.01.07, affecting the /boafrm/formDosCfg endpoint. With a CVSS score of 8.8 and publicly available exploits, this vulnerability enables remote code execution without authentication. Organizations using this router model face immediate risk of compromise and should prioritize patching.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 22, 2026 23:00
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi telecommunications infrastructure (STC, Mobily, Zain), government agencies, and enterprises using D-Link DWR-M960 routers for network access and management. Banking sector organizations (SAMA-regulated) using these devices for branch connectivity face potential data exfiltration and lateral movement risks. Energy sector (ARAMCO, utilities) and healthcare institutions relying on these routers for critical network segmentation are particularly vulnerable. The public exploit availability increases attack likelihood across all sectors.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Banking and Financial Services (SAMA-regulated)
Government and Public Administration
Energy and Utilities (ARAMCO, regional utilities)
Healthcare
Education
Enterprise Networks
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.9
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all D-Link DWR-M960 devices running firmware 1.01.07 in your network using asset discovery tools
2. Isolate affected routers from critical network segments if immediate patching is not possible
3. Implement network-level access controls restricting access to /boafrm/formDosCfg endpoint
4. Monitor for suspicious POST requests to /boafrm/formDosCfg with abnormal submit-url parameter values
PATCHING GUIDANCE:
1. Download latest firmware from D-Link support portal (verify version > 1.01.07)
2. Apply patches during maintenance windows with change management approval
3. Test patches in lab environment before production deployment
4. Maintain backup of current configuration before firmware upgrade
COMPENSATING CONTROLS (if patch unavailable):
1. Implement WAF rules blocking requests with oversized submit-url parameters (>256 bytes)
2. Restrict administrative access to router management interface via IP whitelisting
3. Disable remote management features if not required
4. Implement network segmentation isolating router management traffic
DETECTION RULES:
1. Alert on POST requests to /boafrm/formDosCfg with submit-url parameter > 512 bytes
2. Monitor for stack overflow indicators: abnormal process termination, memory access violations
3. Log all administrative access attempts to router interfaces
4. Detect unusual outbound connections from router IP addresses
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة D-Link DWR-M960 التي تعمل بالإصدار 1.01.07 في شبكتك
2. عزل الأجهزة المتأثرة عن القطاعات الحرجة إذا لم يكن التصحيح الفوري ممكناً
3. تطبيق عناصر تحكم الوصول على مستوى الشبكة لتقييد الوصول إلى نقطة النهاية
4. مراقبة طلبات POST المريبة مع قيم معاملات غير عادية
إرشادات التصحيح:
1. تحميل أحدث إصدار من البرنامج الثابت من بوابة دعم D-Link
2. تطبيق التصحيحات خلال نوافذ الصيانة المعتمدة
3. اختبار التصحيحات في بيئة المختبر قبل النشر الإنتاجي
4. الاحتفاظ بنسخة احتياطية من الإعدادات الحالية
عناصر التحكم البديلة:
1. تطبيق قواعد جدار الحماية لحجب الطلبات ذات معاملات كبيرة الحجم
2. تقييد الوصول الإداري عبر قائمة بيضاء للعناوين
3. تعطيل ميزات الإدارة البعيدة إن لم تكن مطلوبة
4. تطبيق تقسيم الشبكة لعزل حركة إدارة التوجيه
قواعد الكشف:
1. تنبيهات على طلبات POST مع معاملات > 512 بايت
2. مراقبة مؤشرات تجاوز المخزن المؤقت
3. تسجيل جميع محاولات الوصول الإداري
4. كشف الاتصالات الخارجية غير العادية
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.8.1 - Asset Management and Inventory Control
ECC 2024 A.12.6 - Management of Technical Vulnerabilities
ECC 2024 A.14.2 - System Development and Change Management
ECC 2024 A.5.2 - Information Security Roles and Responsibilities
🔵 SAMA CSF
SAMA CSF ID.RA-1 - Asset Management
SAMA CSF PR.IP-12 - Vulnerability Management
SAMA CSF DE.CM-8 - Vulnerability Scanning
SAMA CSF RS.MI-2 - Incident Response and Recovery
🟡 ISO 27001:2022
ISO 27001:2022 A.5.23 - Information Security for Supplier Relationships
ISO 27001:2022 A.8.1 - Asset Management
ISO 27001:2022 A.12.6 - Management of Technical Vulnerabilities
ISO 27001:2022 A.14.2 - System Development and Change Management
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security Patches and Updates
PCI DSS 11.2 - Vulnerability Scanning
PCI DSS 2.1 - Default Credentials and Security Parameters
🔗 References & Sources 5
🔗
https://github.com/LX-66-LX/cve-new/issues/16
cna@vuldb.com
Exploit
Issue Tracking
Third Party Advisory
🔗
https://vuldb.com/?ctiid.347176
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://vuldb.com/?id.347176
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/?submit.754487
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://www.dlink.com/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
dlink:dwr-m960_firmware:1.01.07