CVE-2026-2960 is a stack-based buffer overflow vulnerability identified in the D-Link DWR-M960 router firmware version 1.01.07. The vulnerability resides in the function sub_468D64 within the /boafrm/formDhcpv6s component, specifically triggered by crafted input in the submit-url parameter. This flaw allows an attacker to remotely execute arbitrary code by overflowing the stack buffer, potentially leading to full system compromise. The vulnerability requires no user interaction and no prior authentication, making it exploitable over the network by any remote attacker. The CVSS 4.0 score of 8.7 reflects the high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no confirmed active exploitation has been reported, a public exploit is available, increasing the likelihood of future attacks. The vulnerability affects only firmware version 1.01.07, and no official patches have been linked yet. The attack vector targets the router’s web management interface, which is often exposed to the internet or internal networks, making it a critical risk for organizations relying on this device for network connectivity and security.

The impact of CVE-2026-2960 is significant for organizations using the D-Link DWR-M960 router, as successful exploitation can lead to remote code execution with elevated privileges. This could allow attackers to take full control of the device, intercept or manipulate network traffic, disrupt network availability, or use the compromised router as a foothold for further attacks within the network. The confidentiality of sensitive data passing through the router could be breached, and the integrity of network operations compromised. Given the router’s role in providing internet connectivity, exploitation could result in widespread service disruption. The ease of exploitation without authentication and user interaction increases the risk of automated attacks and worm-like propagation. Organizations in sectors relying on these routers for critical infrastructure or remote connectivity are particularly at risk, potentially facing operational downtime, data breaches, and reputational damage.

To mitigate CVE-2026-2960, organizations should first verify if they are running the affected firmware version 1.01.07 on D-Link DWR-M960 devices. Immediate steps include disabling remote web management interfaces or restricting access to trusted IP addresses only. Network segmentation should be employed to isolate vulnerable devices from critical infrastructure and sensitive data networks. Monitoring network traffic for unusual requests targeting the /boafrm/formDhcpv6s endpoint or the submit-url parameter can help detect exploitation attempts. If possible, apply any available vendor patches or firmware updates as soon as they are released. In the absence of patches, consider deploying web application firewalls (WAFs) or intrusion prevention systems (IPS) with custom rules to block exploit payloads targeting this vulnerability. Regularly audit device configurations and ensure strong administrative credentials are in place to reduce the risk of lateral movement post-compromise. Finally, maintain up-to-date backups of router configurations and network device inventories to facilitate rapid recovery if needed.