CVE-2026-4182
Awaiting Analysis Awaiting Analysis - Queue
Stack-Based Buffer Overflow in D-Link DIR-816 goahead Component

Publication date: 2026-03-16

Last updated on: 2026-03-19

Assigner: VulDB

Description
A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-14
NVD
CVE-2026-4182
EUVD
EUVD-2026-12235
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dlink dir-816_firmware 1.10cnb05
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-4182 is a stack-based buffer overflow vulnerability found in the D-Link DIR-816 router's GoAhead web server component, specifically in the /goform/form2Wl5RepeaterStep2.cgi function."}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the input parameters key1, key2, key3, key4, and pskValue are copied directly from attacker-controlled input into local stack variables without proper length validation or input sanitization.'}, {'type': 'paragraph', 'content': "If an attacker sends excessively long strings for these parameters, it causes a stack buffer overflow that can overwrite the function's return address, enabling arbitrary code execution on the device."}, {'type': 'paragraph', 'content': 'This flaw can be exploited remotely without authentication by sending a specially crafted POST request to the vulnerable CGI endpoint.'}, {'type': 'paragraph', 'content': 'The vulnerability can cause the router to crash and become unresponsive, disrupting its services.'}, {'type': 'paragraph', 'content': 'Mitigation requires implementing proper input validation and length checks on these parameters to prevent buffer overflow.'}] [1, 2, 3]

Impact Analysis

This vulnerability can have severe impacts including remote code execution and denial of service on the affected D-Link DIR-816 router.

An attacker can exploit this flaw remotely without any authentication, allowing them to execute arbitrary code, potentially taking full control of the device.

Exploitation can also cause the router to crash and become unresponsive, resulting in a denial of service that disrupts network connectivity and availability.

Since the affected products are no longer supported by the vendor, no official patches or mitigations are available, increasing the risk.

The compromise of the router could lead to further network security breaches, data interception, or manipulation.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by sending a specially crafted POST request to the vulnerable router's CGI endpoint /goform/form2Wl5RepeaterStep2.cgi with excessively long strings assigned to parameters key1, key2, key3, key4, or pskValue. A proof of concept involves sending a POST request with a very long string (e.g., repeated 'a' characters) to these parameters, which causes the router to crash or become unresponsive."}, {'type': 'paragraph', 'content': 'A detection command example using curl could be:'}, {'type': 'list_item', 'content': 'curl -X POST http://[router_ip]/goform/form2Wl5RepeaterStep2.cgi -d "key1=$(python3 -c \'print("a"*1000)\')&key2=test&key3=test&key4=test&pskValue=test"'}, {'type': 'paragraph', 'content': 'If the router crashes or becomes unresponsive after this request, it indicates the presence of the vulnerability.'}] [1, 3]

Mitigation Strategies

Immediate mitigation steps include replacing the affected D-Link DIR-816 device, as the product is no longer supported and no known software patches or countermeasures exist.

Additionally, restricting network access to the vulnerable CGI endpoint and disabling remote management features can reduce exposure.

Implementing proper input validation and length checks on the parameters key1, key2, key3, key4, and pskValue would mitigate the vulnerability, but this requires vendor support or firmware updates which are not available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4182. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart