CVE-2026-4182

CriticalPublic PoC

Published: 16 March 2026

Published

16 March 2026

Modified

19 March 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0027 50.7th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based buffer overflow. Remote exploitation of the attack is possible. The…

exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Mitigating Controls (NIST 800-53 r5)AI

SA-22 Unsupported System Components good match

prevent

Prohibits use of unsupported system components like the end-of-life D-Link DIR-816 router, preventing deployment of devices with unpatchable vulnerabilities such as this buffer overflow.

SI-10 Information Input Validation good match

prevent

Requires validation of untrusted inputs such as key1/key2/key3/key4/pskValue in the CGI script, directly preventing the stack-based buffer overflow triggered by malformed arguments.

SI-16 Memory Protection good match

prevent

Implements memory protection mechanisms like stack canaries and non-executable stacks to block exploitation of stack-based buffer overflows even if input validation fails.

Security SummaryAI

CVE-2026-4182 is a stack-based buffer overflow vulnerability affecting the D-Link DIR-816 router on firmware version 1.10CNB05. The flaw impacts an unknown function in the file /goform/form2Wl5RepeaterStep2.cgi within the goahead web server component. It is triggered by manipulation of the arguments key1, key2, key3, key4, and pskValue, as associated with CWE-119, CWE-121, and CWE-787.

Attackers can exploit this vulnerability remotely over the network without authentication or user interaction, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Any unauthenticated remote attacker with network access to the device can achieve high impacts on confidentiality, integrity, and availability, potentially leading to full compromise of the router.

Advisories note that this vulnerability only affects products no longer supported by the maintainer, with no patches available. VulDB entries (ctiid.351086, id.351086, submit.769830) and a GitHub repository (wudipjq/my_vuln) provide details on the issue, including a publicly available exploit. The D-Link website is referenced but offers no specific mitigation.

The public availability of the exploit heightens risks for any remaining deployments of the unsupported DIR-816 firmware.

Details

CWE(s): CWE-119 CWE-121 CWE-787

Affected Products

dlink

dir-816 firmware

1.10cnb05

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Unauthenticated remote buffer overflow in public-facing router web server CGI script enables full device compromise via exploitation of public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_86/86.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.351086
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.351086
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.769830
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.dlink.com/
Product · cna@vuldb.com