CVE-2026-2929 identifies a stack-based buffer overflow vulnerability in the D-Link DWR-M960 router firmware version 1.01.07. The vulnerability resides in the Wireless Access Control Endpoint component, specifically in the function sub_453140 located in the /boafrm/formWlAc file. The flaw is triggered by manipulating the submit-url argument, which leads to a stack buffer overflow condition. This type of vulnerability can allow an attacker to overwrite the stack memory, potentially enabling arbitrary code execution with the privileges of the affected process. The vulnerability is remotely exploitable without requiring authentication or user interaction, making it highly dangerous. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H, I:H, A:H). Although no known exploits are currently active in the wild, the public disclosure of exploit code increases the likelihood of exploitation attempts. The vulnerability affects a widely deployed D-Link router model used in both consumer and enterprise environments, particularly for wireless access control functions. No official patches or mitigation links are provided yet, indicating the need for immediate defensive measures.

The vulnerability poses a significant risk to organizations and individuals using the D-Link DWR-M960 router with firmware version 1.01.07. Successful exploitation can lead to remote code execution, allowing attackers to take full control of the device. This can result in unauthorized access to internal networks, interception or manipulation of network traffic, disruption of network services, and potential pivoting to other connected systems. The compromise of wireless access control functions could undermine network security policies and facilitate further attacks. Given the router's role in managing wireless access, the impact extends to confidentiality breaches, integrity violations, and availability disruptions. The lack of required authentication and user interaction lowers the barrier for attackers, increasing the threat landscape. Organizations relying on this hardware for critical connectivity or security enforcement face elevated risks of data breaches, service outages, and operational disruptions.

1. Immediately check for firmware updates from D-Link addressing CVE-2026-2929 and apply them as soon as they become available. 2. If no official patch exists, consider temporarily disabling the Wireless Access Control Endpoint feature or restricting access to the /boafrm/formWlAc interface via firewall rules or network segmentation to limit exposure. 3. Monitor network traffic for unusual requests targeting the submit-url parameter or the affected endpoint to detect potential exploitation attempts. 4. Implement network-level intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics tuned to detect buffer overflow exploit patterns against D-Link routers. 5. Replace affected devices with models not vulnerable to this issue if patching or mitigation is not feasible in the short term. 6. Enforce strict access controls on management interfaces, including limiting remote access and using VPNs or secure tunnels. 7. Conduct regular security audits and vulnerability assessments on network infrastructure to identify and remediate similar risks proactively.