CVE-2026-4182 | A weakness has been identified in D-Link DIR-816 1.10CNB05. … | CVSS 9.8 CRITICAL

Description

A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Metadata

CVE ID: CVE-2026-4182
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-03-14 21:57 UTC
Published: 2026-03-15 16:02 UTC
Last updated: 2026-03-16 14:40 UTC
Primary CWE: CWE-121
Stack-based Buffer Overflow
Vendor / Product: D-Link / DIR-816
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
D-Link	DIR-816	—	1.10CNB05

Weakness (CWE)

CWE	Source	Description
CWE-119	cna	Memory Corruption
CWE-121	cna	Stack-based Buffer Overflow

CVSS scores (4)

Score	Severity	Version	Source	Vector
10.0	N/D	2.0	cna	AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
9.8	CRITICAL	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
9.3	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References (5)

VDB-351086 | D-Link DIR-816 goahead form2Wl5RepeaterStep2.cgi stack-based overflow https://vuldb.com/?id.351086
VDB-351086 | CTI Indicators (IOB, IOC, IOA) https://vuldb.com/?ctiid.351086
Submit #769830 | D-Link DIR816 1.10CNB05 Stack-based Buffer Overflow https://vuldb.com/?submit.769830
https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_86/86.md
https://www.dlink.com/