CVE-2026-4182
Stack-Based Buffer Overflow in D-Link DIR-816 goahead Component
Publication date: 2026-03-16
Last updated on: 2026-03-19
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-816_firmware | 1.10cnb05 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-4182 is a stack-based buffer overflow vulnerability found in the D-Link DIR-816 router's GoAhead web server component, specifically in the /goform/form2Wl5RepeaterStep2.cgi function."}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the input parameters key1, key2, key3, key4, and pskValue are copied directly from attacker-controlled input into local stack variables without proper length validation or input sanitization.'}, {'type': 'paragraph', 'content': "If an attacker sends excessively long strings for these parameters, it causes a stack buffer overflow that can overwrite the function's return address, enabling arbitrary code execution on the device."}, {'type': 'paragraph', 'content': 'This flaw can be exploited remotely without authentication by sending a specially crafted POST request to the vulnerable CGI endpoint.'}, {'type': 'paragraph', 'content': 'The vulnerability can cause the router to crash and become unresponsive, disrupting its services.'}, {'type': 'paragraph', 'content': 'Mitigation requires implementing proper input validation and length checks on these parameters to prevent buffer overflow.'}] [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including remote code execution and denial of service on the affected D-Link DIR-816 router.
An attacker can exploit this flaw remotely without any authentication, allowing them to execute arbitrary code, potentially taking full control of the device.
Exploitation can also cause the router to crash and become unresponsive, resulting in a denial of service that disrupts network connectivity and availability.
Since the affected products are no longer supported by the vendor, no official patches or mitigations are available, increasing the risk.
The compromise of the router could lead to further network security breaches, data interception, or manipulation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by sending a specially crafted POST request to the vulnerable router's CGI endpoint /goform/form2Wl5RepeaterStep2.cgi with excessively long strings assigned to parameters key1, key2, key3, key4, or pskValue. A proof of concept involves sending a POST request with a very long string (e.g., repeated 'a' characters) to these parameters, which causes the router to crash or become unresponsive."}, {'type': 'paragraph', 'content': 'A detection command example using curl could be:'}, {'type': 'list_item', 'content': 'curl -X POST http://[router_ip]/goform/form2Wl5RepeaterStep2.cgi -d "key1=$(python3 -c \'print("a"*1000)\')&key2=test&key3=test&key4=test&pskValue=test"'}, {'type': 'paragraph', 'content': 'If the router crashes or becomes unresponsive after this request, it indicates the presence of the vulnerability.'}] [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected D-Link DIR-816 device, as the product is no longer supported and no known software patches or countermeasures exist.
Additionally, restricting network access to the vulnerable CGI endpoint and disabling remote management features can reduce exposure.
Implementing proper input validation and length checks on the parameters key1, key2, key3, key4, and pskValue would mitigate the vulnerability, but this requires vendor support or firmware updates which are not available.