CVE-2026-4184
Awaiting Analysis Awaiting Analysis - Queue
Remote Stack-Based Buffer Overflow in D-Link DIR-816 goahead Component

Publication date: 2026-03-16

Last updated on: 2026-03-19

Assigner: VulDB

Description
A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4184
EUVD
EUVD-2026-12239
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dlink dir-816_firmware 1.10cnb05
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-4184 is a stack-based buffer overflow vulnerability in the GoAhead web server component of the D-Link DIR-816 router, firmware version 1.10CNB05.'}, {'type': 'paragraph', 'content': 'The flaw occurs in the CGI function form2Wl5BasicSetup.cgi, specifically in the handling of the pskValue parameter. This parameter is taken from an HTTP POST request and copied into a local stack variable without any input length validation.'}, {'type': 'paragraph', 'content': "If an attacker supplies an excessively long pskValue, it overwrites the function's return address on the stack, causing a buffer overflow that can lead to arbitrary code execution or a crash of the router's server."}, {'type': 'paragraph', 'content': 'The vulnerability can be exploited remotely without authentication by sending a crafted HTTP POST request to the vulnerable CGI endpoint.'}] [1, 2, 3]

Impact Analysis

This vulnerability can have severe impacts on the affected device and its users.

  • Remote attackers can exploit the flaw without authentication.
  • Successful exploitation can lead to arbitrary code execution, allowing attackers to take control of the router.
  • The router can crash and become unresponsive, causing denial of service and disruption of network connectivity.
  • Confidentiality, integrity, and availability of the device and network traffic can be compromised.
  • Since the affected product is no longer supported by the vendor, no official patches or mitigations are available, increasing the risk.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by sending a crafted HTTP POST request to the vulnerable endpoint /goform/form2Wl5BasicSetup.cgi with an excessively long pskValue parameter. A proof-of-concept involves sending a POST request where pskValue consists of repeated characters (e.g., 'a') to trigger the stack-based buffer overflow."}, {'type': 'paragraph', 'content': 'A simple detection command using curl could be:'}, {'type': 'list_item', 'content': 'curl -X POST http://<router-ip>/goform/form2Wl5BasicSetup.cgi -d "pskValue=$(python3 -c \'print("a"*1000)\')"'}, {'type': 'paragraph', 'content': 'If the router crashes or becomes unresponsive after this request, it indicates the presence of the vulnerability.'}] [1, 3]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Since the affected product (D-Link DIR-816 1.10CNB05) is no longer supported by the vendor and no known countermeasures or patches are available, the recommended immediate mitigation is to replace the vulnerable device with a supported and updated model.'}, {'type': 'paragraph', 'content': "Additionally, to reduce risk, restrict remote access to the router's management interface to trusted networks only, and monitor for suspicious POST requests to /goform/form2Wl5BasicSetup.cgi."}, {'type': 'paragraph', 'content': 'Implementing strict input validation and length checks on the pskValue parameter is recommended in theory, but this requires vendor action or custom firmware modifications.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4184. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart