CVE-2026-2925

Name of the Vulnerable Software and Affected Versions D-Link DWR-M960 version 1.01.07

Description A flaw exists in the D-Link DWR-M960 router firmware that allows for remote exploitation. The issue is located within the sub 42B5A0 function of the /boafrm/formBridgeVlan component, specifically in the Bridge VLAN Configuration Endpoint. Manipulation of the submit-url argument can lead to a stack-based buffer overflow. The exploit is publicly available.

Recommendations Versions prior to 1.01.07 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.