CVE-2026-2962 is a stack-based buffer overflow vulnerability identified in the D-Link DWR-M960 router firmware version 1.01.07. The vulnerability resides in the Scheduled Reboot Configuration Endpoint, specifically within the sub_460F30 function that processes requests to /boafrm/formDateReboot. The flaw arises from improper handling of the submit-url argument, which can be manipulated by an attacker to overflow the stack buffer. This overflow can overwrite critical control data on the stack, potentially allowing remote attackers to execute arbitrary code or cause denial of service conditions. The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its severity and ease of exploitation. The CVSS 4.0 score of 8.7 reflects high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no active exploits in the wild have been reported, a public exploit is available, which could facilitate attacks by malicious actors. The vulnerability affects a widely deployed router model used in various enterprise and consumer environments, making it a significant security concern. The lack of available patches at the time of disclosure necessitates immediate mitigation efforts to reduce exposure.

The impact of CVE-2026-2962 is substantial for organizations relying on the D-Link DWR-M960 router. Exploitation can lead to arbitrary code execution, allowing attackers to take full control of the affected device. This compromises the confidentiality of network traffic, integrity of device configurations, and availability of network services. Attackers could use the compromised router as a foothold to pivot into internal networks, conduct further attacks, or disrupt network operations. Given the router’s role in managing scheduled reboots and network connectivity, disruption could affect business continuity and critical infrastructure. The remote and unauthenticated nature of the exploit increases the risk of widespread attacks, especially in environments where these routers are exposed to untrusted networks. Organizations may face data breaches, service outages, and potential regulatory consequences if the vulnerability is exploited.

To mitigate CVE-2026-2962, organizations should immediately check for firmware updates from D-Link addressing this vulnerability and apply them as soon as they become available. In the absence of official patches, network administrators should restrict access to the router’s management interface by implementing network segmentation and firewall rules to block external access to the /boafrm/formDateReboot endpoint. Disabling remote management features or restricting them to trusted IP addresses can reduce exposure. Monitoring network traffic for unusual requests targeting the submit-url parameter can help detect exploitation attempts. Employing intrusion detection/prevention systems (IDS/IPS) with signatures for this vulnerability can provide additional defense. Regularly auditing router configurations and logs for anomalies is recommended. Finally, organizations should consider replacing affected devices with models that have a stronger security posture if patching is not feasible.