CVE-2026-4183
Published: 16 March 2026
Description
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Manipulation of the argument pskValue leads to a stack-based buffer overflow. The attack can be executed remotely.…
The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Mitigating Controls (NIST 800-53 r5) (AI)
Mandates replacement or retirement of unsupported end-of-life system components like the D-Link DIR-816 router, directly eliminating exposure to this unpatchable vulnerability.
Prevents stack-based buffer overflows by enforcing validation of critical inputs such as the pskValue argument in the vulnerable CGI script.
Blocks remote unauthenticated network access to the goahead web server component hosting the vulnerable /goform/form2WlanBasicSetup.cgi endpoint.
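The input-validation control above, sketched for firmware authors who handle a parameter like pskValue. This is an added example, not code from the D-Link firmware or from the advisory. The function and constant names are hypothetical, and the length rules assume a WPA2-Personal key (8 to 63 printable ASCII characters, or 64 hex digits).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PSK_MIN_LEN 8    /* shortest WPA2-Personal passphrase */
#define PSK_HEX_LEN 64   /* raw 256-bit key written as hex digits */
#define PSK_BUF_SIZE (PSK_HEX_LEN + 1)

enum psk_status { PSK_OK, PSK_BAD_ARG, PSK_TOO_SHORT, PSK_TOO_LONG, PSK_BAD_CHAR };

/* Validate an untrusted pskValue, then copy it into out (out_size bytes).
 * out is written only when validation succeeds. Names are hypothetical. */
enum psk_status psk_validate_copy(const char *in, char *out, size_t out_size)
{
    const char *nul;
    size_t len, i;

    if (in == NULL || out == NULL || out_size < PSK_BUF_SIZE)
        return PSK_BAD_ARG;

    /* Bounded scan: look at no more than PSK_HEX_LEN + 1 bytes of input. */
    nul = memchr(in, '\0', PSK_HEX_LEN + 1);
    if (nul == NULL)
        return PSK_TOO_LONG;
    len = (size_t)(nul - in);
    if (len < PSK_MIN_LEN)
        return PSK_TOO_SHORT;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        /* 64 characters are valid only as a hex key; 8..63 must be printable ASCII. */
        if (len == PSK_HEX_LEN ? !isxdigit(c) : (c < 0x20 || c > 0x7e))
            return PSK_BAD_CHAR;
    }
    memcpy(out, in, len + 1);   /* len + 1 <= PSK_BUF_SIZE <= out_size */
    return PSK_OK;
}

int main(void)
{
    char psk[PSK_BUF_SIZE];
    char oversized[600];   /* constructed sample: 599 bytes of 'A' */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("passphrase: %d\n", psk_validate_copy("correct horse battery", psk, sizeof psk));
    printf("oversized:  %d\n", psk_validate_copy(oversized, psk, sizeof psk));
    return 0;
}
```

The length check runs before any copy, so a rejected value never reaches the destination buffer.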
Security Summary (AI)
CVE-2026-4183 is a stack-based buffer overflow vulnerability (CWE-119, CWE-121, CWE-787) affecting the D-Link DIR-816 router on firmware version 1.10CNB05. The flaw exists in an unknown function of the file /goform/form2WlanBasicSetup.cgi within the goahead web server component, where manipulation of the pskValue argument triggers the overflow. Published on 2026-03-16, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.
Any remote unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation allows arbitrary code execution, potentially granting full control over the device, including data exfiltration, modification of configurations, or denial of service.
VulDB advisories and a GitHub disclosure detail the vulnerability, confirming public availability of an exploit. The affected products are no longer supported by D-Link, so no patches or firmware updates are available; mitigation relies on isolating exposed devices, restricting network access, or decommissioning them. The general D-Link website provides no specific guidance for this issue.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The vulnerability is a remotely exploitable buffer overflow in the public-facing web interface (CGI script) of a router's goahead web server, directly enabling arbitrary code execution via T1190: Exploit Public-Facing Application.