📄 Description (English)
A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
🤖 AI Executive Summary
A critical stack-based buffer overflow vulnerability exists in D-Link DWR-M960 firmware version 1.01.07 affecting the LTE Configuration endpoint. The vulnerability can be exploited remotely through manipulation of the submit-url parameter, allowing unauthenticated attackers to execute arbitrary code. With published exploits and widespread deployment in Saudi telecommunications infrastructure, immediate patching is essential.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 01:03
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses severe risk to Saudi telecommunications sector, particularly STC and Mobily networks that deploy D-Link DWR-M960 routers for LTE/4G connectivity. Government agencies and critical infrastructure operators using these devices for secure communications face potential compromise. Banking sector organizations relying on these routers for branch connectivity and ARAMCO facilities using them for remote site management are at elevated risk. The remote, unauthenticated nature of exploitation makes this particularly dangerous for SAMA-regulated financial institutions and NCA-monitored government networks.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Government Agencies
Banking and Financial Services
Energy (ARAMCO)
Healthcare
Critical Infrastructure
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
9.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all D-Link DWR-M960 devices running firmware 1.01.07 across your organization using network scanning tools
2. Isolate affected devices from production networks if patching cannot be completed within 24 hours
3. Implement network segmentation to restrict access to LTE Configuration endpoints
4. Enable authentication and access controls on device management interfaces
PATCHING:
1. Download latest firmware from D-Link support portal (verify version > 1.01.07)
2. Schedule maintenance windows for firmware updates on all affected devices
3. Test patches in lab environment before production deployment
4. Document all patched devices and maintain inventory
COMPENSATING CONTROLS (if patching delayed):
1. Deploy WAF/IPS rules to block malicious submit-url parameter patterns
2. Restrict network access to device management interfaces using firewall rules
3. Monitor for suspicious LTE Configuration endpoint access attempts
4. Implement rate limiting on /boafrm/formLteSetup endpoint
DETECTION:
1. Monitor for POST requests to /boafrm/formLteSetup with oversized submit-url parameters
2. Alert on any stack-based exception errors from DWR-M960 devices
3. Track firmware version changes and unauthorized configuration modifications
4. Implement IDS signatures for CVE-2026-2926 buffer overflow patterns
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة D-Link DWR-M960 التي تعمل بالإصدار 1.01.07 عبر المنظمة باستخدام أدوات المسح
2. عزل الأجهزة المتأثرة عن شبكات الإنتاج إذا لم يتمكن التصحيح خلال 24 ساعة
3. تطبيق تقسيم الشبكة لتقييد الوصول إلى نقاط نهاية تكوين LTE
4. تفعيل المصادقة والتحكم في الوصول على واجهات إدارة الأجهزة
التصحيح:
1. تحميل أحدث برنامج تثبيت من بوابة دعم D-Link (التحقق من الإصدار > 1.01.07)
2. جدولة نوافذ الصيانة لتحديثات البرنامج على جميع الأجهزة المتأثرة
3. اختبار التصحيحات في بيئة المختبر قبل نشرها في الإنتاج
4. توثيق جميع الأجهزة المصححة والحفاظ على المخزون
الضوابط البديلة (إذا تأخر التصحيح):
1. نشر قواعس WAF/IPS لحجب أنماط معاملات submit-url الضارة
2. تقييد الوصول إلى واجهات إدارة الأجهزة باستخدام قواعد جدار الحماية
3. مراقبة محاولات الوصول المريبة إلى نقطة نهاية تكوين LTE
4. تطبيق تحديد معدل على نقطة النهاية /boafrm/formLteSetup
الكشف:
1. مراقبة طلبات POST إلى /boafrm/formLteSetup بمعاملات submit-url كبيرة الحجم
2. التنبيه على أي أخطاء استثناء قائمة على المكدس من أجهزة DWR-M960
3. تتبع تغييرات إصدار البرنامج والتعديلات غير المصرح بها على الإعدادات
4. تطبيق توقيعات IDS لأنماط تجاوز المخزن المؤقت CVE-2026-2926
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.14.2.1 - Secure development policy
ECC 2024 A.12.2.1 - Monitoring and logging of access
🔵 SAMA CSF
ID.RA-1 - Asset management and vulnerability identification
PR.IP-12 - Security patch management
DE.CM-1 - Detection and monitoring of anomalous activity
🟡 ISO 27001:2022
A.12.3.1 - Segregation of development, test and production environments
A.14.2.1 - Secure development policy and procedures
A.12.6.1 - Management of technical vulnerabilities
🟣 PCI DSS v4.0.1
Requirement 6.2 - Security patches must be installed within defined timeframe
🔗 References & Sources 5
🔗
https://github.com/LX-66-LX/cve-new/issues/21
cna@vuldb.com
Exploit
Issue Tracking
Third Party Advisory
🔗
https://vuldb.com/?ctiid.347273
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://vuldb.com/?id.347273
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/?submit.754498
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://www.dlink.com/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
dlink:dwr-m960_firmware:1.01.07