CVE-2026-2960 identifies a stack-based buffer overflow vulnerability in the D-Link DWR-M960 router firmware version 1.01.07. The vulnerability resides in the function sub_468D64 of the /boafrm/formDhcpv6s component, specifically triggered by a crafted manipulation of the submit-url argument. This flaw allows an attacker to overflow the stack buffer remotely, without requiring authentication or user interaction, thereby enabling arbitrary code execution with elevated privileges on the device. The vulnerability is remotely exploitable over the network, making it particularly dangerous for exposed devices. The CVSS 4.0 base score of 8.7 reflects its high severity, with metrics indicating network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. While no confirmed active exploitation in the wild has been reported, the public availability of an exploit increases the urgency for remediation. The vulnerability could lead to device takeover, network disruption, or use of the compromised router as a pivot point for further attacks within organizational networks. The lack of an official patch link suggests that mitigation may currently rely on workarounds or vendor updates pending release. This vulnerability highlights the critical need for secure input validation and buffer management in embedded device firmware to prevent remote code execution risks.

The impact of CVE-2026-2960 is significant for organizations deploying the D-Link DWR-M960 router, especially in environments where these devices are internet-facing or part of critical network infrastructure. Successful exploitation can lead to full device compromise, allowing attackers to execute arbitrary code with elevated privileges. This can result in unauthorized access to internal networks, interception or manipulation of network traffic, disruption of network services, and potential lateral movement to other systems. Confidentiality is at risk as attackers may exfiltrate sensitive data passing through the router. Integrity can be compromised by altering device configurations or injecting malicious payloads. Availability may be affected by causing device crashes or denial of service. The ease of remote exploitation without authentication or user interaction increases the threat level, making automated attacks feasible. Organizations relying on this router model without timely patching or mitigations face heightened risk of network breaches, data loss, and operational disruptions.

To mitigate CVE-2026-2960, organizations should immediately verify if they are using the D-Link DWR-M960 router with firmware version 1.01.07 and prioritize upgrading to a patched firmware version once released by D-Link. In the absence of an official patch, network administrators should restrict access to the router’s management interface by implementing network segmentation and firewall rules to limit exposure to trusted IP addresses only. Disabling remote management features and IPv6 services related to DHCPv6 if not required can reduce the attack surface. Monitoring network traffic for unusual patterns or exploit attempts targeting the submit-url parameter is recommended. Employing intrusion detection/prevention systems with signatures for this vulnerability can help detect exploitation attempts. Regularly auditing device configurations and applying security best practices for embedded devices will further reduce risk. Vendors and users should maintain vigilance for updates and advisories related to this vulnerability to ensure timely remediation.