Vulnerabilities ›

CVE-2026-2929

High ⚡ Exploit Available

A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the

CWE-119 — Weakness Type

                    Published: Feb 22, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

🤖 AI Executive Summary

A critical stack-based buffer overflow vulnerability exists in D-Link DWR-M960 router firmware version 1.01.07, affecting the wireless access control endpoint. The vulnerability can be exploited remotely through manipulation of the submit-url parameter, potentially allowing unauthorized code execution. With public exploit availability and widespread router deployment in Saudi networks, immediate patching is essential to prevent compromise of network perimeters and potential lateral movement into critical infrastructure.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 01:09

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses significant risk to Saudi telecommunications infrastructure (STC, Mobily, Zain), government networks (NCA, CITC), and enterprise networks utilizing D-Link DWR-M960 routers as edge devices. Banking sector (SAMA-regulated institutions) faces elevated risk if routers are deployed in branch networks or as VPN endpoints. Energy sector (ARAMCO, SEC) and healthcare organizations using these devices for network access control are particularly vulnerable. The publicly disclosed exploit and remote attack vector make this a critical concern for Saudi SOCs managing network perimeter security.

🏢 Affected Saudi Sectors

Telecommunications (STC, Mobily, Zain) Banking and Financial Services (SAMA-regulated) Government and Public Administration (NCA, CITC) Energy and Utilities (ARAMCO, SEC) Healthcare Enterprise Networks ISP and Network Service Providers

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application (remote exploitation of router web interface) T1068 - Exploitation for Privilege Escalation (buffer overflow for code execution) T1547 - Boot or Logon Autostart Execution (potential persistence via firmware modification) T1542 - Pre-OS Boot (firmware-level compromise) T1021 - Remote Services (lateral movement from compromised router) T1040 - Traffic Sniffing (network access from router position)

⚖️ Saudi Risk Score (AI)

8.9

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all D-Link DWR-M960 devices running firmware 1.01.07 in your network using asset discovery tools

2. Isolate affected routers from production networks if patching cannot be completed within 24 hours

3. Implement network segmentation to restrict access to the /boafrm/formWlAc endpoint



PATCHING GUIDANCE:

1. Download latest firmware from D-Link support portal (verify version > 1.01.07)

2. Apply patches during maintenance windows with change management approval

3. Test patches in lab environment before production deployment

4. Document all patched devices and maintain firmware inventory



COMPENSATING CONTROLS (if patching delayed):

1. Implement WAF rules blocking requests to /boafrm/formWlAc with submit-url parameters

2. Restrict administrative access to router management interfaces via IP whitelisting

3. Deploy network IDS/IPS signatures detecting buffer overflow attempts

4. Monitor router logs for suspicious wireless access control modifications



DETECTION RULES:

1. Alert on HTTP POST requests to /boafrm/formWlAc containing submit-url parameter with payload length > 256 bytes

2. Monitor for unexpected process execution or memory corruption on affected routers

3. Track failed authentication attempts and privilege escalation attempts on router management interfaces

4. Implement YARA rules for known exploit payloads if available from threat intelligence feeds

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع أجهزة D-Link DWR-M960 التي تعمل بالإصدار 1.01.07 في شبكتك باستخدام أدوات اكتشاف الأصول

2. عزل الموجهات المتأثرة عن شبكات الإنتاج إذا لم يتمكن من إكمال التصحيح في غضون 24 ساعة

3. تطبيق تقسيم الشبكة لتقييد الوصول إلى نقطة النهاية /boafrm/formWlAc

إرشادات التصحيح:

1. تنزيل أحدث البرامج الثابتة من بوابة دعم D-Link (تحقق من الإصدار > 1.01.07)

2. تطبيق التصحيحات خلال نوافذ الصيانة مع موافقة إدارة التغيير

3. اختبار التصحيحات في بيئة المختبر قبل نشرها في الإنتاج

4. توثيق جميع الأجهزة المصححة والحفاظ على جرد البرامج الثابتة

الضوابط البديلة (إذا تأخر التصحيح):

1. تطبيق قواعد WAF لحجب الطلبات إلى /boafrm/formWlAc بمعاملات submit-url

2. تقييد الوصول الإداري إلى واجهات إدارة الموجه عبر القائمة البيضاء للعناوين

3. نشر توقيعات IDS/IPS للكشف عن محاولات تجاوز المخزن المؤقت

4. مراقبة سجلات الموجه للتعديلات المريبة على التحكم في الوصول اللاسلكي

قواعد الكشف:

1. تنبيه على طلبات HTTP POST إلى /boafrm/formWlAc تحتوي على معامل submit-url بطول حمولة > 256 بايت

2. مراقبة تنفيذ العمليات غير المتوقعة أو تلف الذاكرة على الموجهات المتأثرة

3. تتبع محاولات المصادقة الفاشلة ومحاولات تصعيد الامتيازات على واجهات إدارة الموجه

4. تطبيق قواعد YARA للحمولات الاستغلالية المعروفة إن توفرت من مصادر الذكاء التهديدي

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.8.1 - Asset Management and Inventory Control (router firmware tracking) ECC 2024 A.12.6 - Change Management (firmware update procedures) ECC 2024 A.14.2 - System Development and Maintenance (vulnerability patching) ECC 2024 A.5.2 - User Access Management (restrict router admin access)

🔵 SAMA CSF

SAMA CSF ID.BE-1 - Business Environment (network infrastructure resilience) SAMA CSF PR.DS-6 - Data Security (protect network perimeter devices) SAMA CSF PR.IP-12 - Information Protection Processes (patch management) SAMA CSF DE.CM-1 - Detection and Analysis (monitor for exploitation attempts)

🟡 ISO 27001:2022

ISO 27001:2022 A.8.1 - Asset Management (inventory and control of network devices) ISO 27001:2022 A.12.6.1 - Change Management (formal change control for firmware) ISO 27001:2022 A.14.2.1 - System Development (secure development and patching) ISO 27001:2022 A.5.23 - Information Security for Supplier Relationships (vendor patch management)

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Security Patches (timely application of vendor patches) PCI DSS 11.2 - Vulnerability Scanning (identify affected systems) PCI DSS 1.1 - Firewall Configuration Standards (router security controls)

🔗 References & Sources 5

🔗

https://github.com/LX-66-LX/cve-new/issues/24

cna@vuldb.com

Exploit Issue Tracking Third Party Advisory

🔗

https://vuldb.com/?ctiid.347276

cna@vuldb.com

Permissions Required VDB Entry

🔗

https://vuldb.com/?id.347276

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/?submit.754503

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://www.dlink.com/

cna@vuldb.com

Product

📦 Affected Products / CPE 1 entries

dlink:dwr-m960_firmware:1.01.07

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-119

EPSS0.03%

Exploit ✓ Yes

Patch ✓ Yes

Published 2026-02-22

Source Feed nvd

🇸🇦 Saudi Risk Score

8.9

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

exploit-available CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-2929

💬 Comments

Introduce Yourself

Sign In Required