CVE-2026-2962 is a stack-based buffer overflow vulnerability identified in the D-Link DWR-M960 router running firmware version 1.01.07. The vulnerability resides in the Scheduled Reboot Configuration Endpoint, specifically within the function sub_460F30 that processes requests to /boafrm/formDateReboot. The flaw is triggered by manipulating the submit-url argument, which leads to a stack buffer overflow due to improper bounds checking or input validation. This overflow can corrupt the stack, potentially allowing an attacker to execute arbitrary code remotely or cause a denial of service by crashing the device. The attack vector is network-based and does not require authentication or user interaction, making it highly accessible to remote attackers. The CVSS v4.0 score is 8.7 (high), reflecting the ease of exploitation (network attack vector, low complexity) and the significant impact on confidentiality, integrity, and availability. Although no active exploits have been observed in the wild, the public availability of exploit code increases the likelihood of future attacks. The vulnerability affects only firmware version 1.01.07 of the DWR-M960 model, so devices running other versions or models are not impacted. No official patches have been linked yet, so mitigation currently relies on network-level controls and monitoring.

The impact of CVE-2026-2962 is substantial for organizations using the D-Link DWR-M960 router with the vulnerable firmware. Successful exploitation can lead to full compromise of the device, allowing attackers to execute arbitrary code, potentially gaining control over the router. This can result in interception or manipulation of network traffic, disruption of internet connectivity, and pivoting into internal networks. The confidentiality, integrity, and availability of network communications are at risk. Since the vulnerability requires no authentication and no user interaction, attackers can launch automated attacks remotely, increasing the scale and speed of potential compromises. Critical infrastructure, enterprises, and service providers relying on this router model could face operational disruptions and data breaches. The lack of a patch at the time of disclosure further elevates the risk, necessitating immediate mitigation measures.

1. Immediately isolate affected D-Link DWR-M960 devices running firmware 1.01.07 from untrusted networks, especially the internet, to prevent remote exploitation. 2. Implement strict firewall rules to block access to the /boafrm/formDateReboot endpoint or the management interface from untrusted sources. 3. Monitor network traffic for unusual requests targeting the Scheduled Reboot Configuration Endpoint, particularly those manipulating the submit-url parameter. 4. Apply network intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect and block exploit attempts against this vulnerability. 5. Contact D-Link support or check official channels regularly for firmware updates or patches addressing CVE-2026-2962 and apply them promptly once available. 6. As a temporary workaround, disable remote management features or restrict management access to trusted internal networks only. 7. Conduct regular security audits and vulnerability scans on network devices to identify and remediate outdated firmware versions. 8. Educate network administrators about this vulnerability and ensure incident response plans include steps for potential exploitation scenarios involving network infrastructure devices.