CVE-2026-4183

D-Link · DIR-816

A remote stack-based buffer overflow exists in the D-Link DIR-816 via the pskValue argument in the form2WlanBasicSetup.cgi script.

Executive summary

A critical stack-based buffer overflow in the D-Link DIR-816 allows remote, unauthenticated attackers to execute arbitrary code.

Vulnerability

This vulnerability affects the goahead component in the /goform/form2WlanBasicSetup.cgi file. An unauthenticated attacker can exploit this via the pskValue argument to overflow the stack, potentially hijacking the execution flow.

Business impact

The CVSS score of 9.8 indicates a high likelihood of successful system takeover. Because the DIR-816 is an unsupported legacy device, the risk of permanent, unpatchable exposure makes this a critical threat to the confidentiality, integrity, and availability of the network.

Remediation

Immediate Action: Retire the affected hardware immediately, as the manufacturer no longer provides security updates for the D-Link DIR-816.

Proactive Monitoring: Observe network logs for suspicious HTTP POST requests directed at the /goform/ directory and monitor for device instability or unexpected reboots.

Compensating Controls: Use a Web Application Firewall (WAF) to filter and block requests containing abnormally long strings in the pskValue parameter if immediate replacement is not feasible.
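
One way to implement the monitoring and filtering described in the two items above, as an added example that is not part of the original advisory or any vendor code. The 64-character limit is an assumption based on WPA-PSK key length rules (8 to 63 character passphrase, or 64 hex digits); the sample requests, host address and ssid field are constructed.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/goform/form2wlanbasicsetup.cgi"  # from the advisory, lowercased
PARAM = "pskValue"                               # from the advisory
MAX_PSK_LEN = 64  # assumption: WPA-PSK is 8-63 chars, or 64 hex digits

def inspect_request(raw: bytes) -> str:
    """Classify one raw HTTP request as 'block', 'alert' or 'allow'."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return "allow"  # no parseable request line
    method, url = parts[0].upper(), urlsplit(parts[1])
    path = unquote(url.path).lower()
    if not path.startswith("/goform/"):
        return "allow"
    if path == TARGET_PATH:
        # The parameter may arrive in the query string or the form body.
        pairs = parse_qsl(url.query, keep_blank_values=True)
        pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
        # Measure length after percent-decoding, as the CGI handler sees it.
        if any(k == PARAM and len(v) > MAX_PSK_LEN for k, v in pairs):
            return "block"
    # Remaining POSTs under /goform/ are logged for review, per the advisory.
    return "alert" if method == "POST" else "allow"

def sample_request(method: str, target: str, body: str = "") -> bytes:
    """Build a constructed sample request (documentation IP, made-up fields)."""
    return (f"{method} {target} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")

CGI = "/goform/form2WlanBasicSetup.cgi"
SAMPLES = {  # constructed inputs, not captured traffic
    "normal_psk": sample_request("POST", CGI, "ssid=home&pskValue=correct-horse-battery"),
    "long_psk": sample_request("POST", CGI, "pskValue=" + "A" * 300),
    "encoded_psk": sample_request("POST", CGI, "pskValue=" + "%41" * 100),
    "query_psk": sample_request("GET", CGI + "?pskValue=" + "B" * 65),
    "unrelated": sample_request("GET", "/index.html"),
}

def classify_samples() -> dict:
    """Run the check over every constructed sample."""
    return {name: inspect_request(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:12} {verdict}")
```

The same length rule can be expressed in a WAF or reverse proxy placed in front of the device's management interface; the check has to run on the decoded value, since a percent-encoded payload is three times longer on the wire than what the handler copies.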

Exploitation status

Public Exploit Available: Yes

Analyst recommendation

The combination of a 9.8 CVSS score and the lack of vendor support creates an extreme risk profile. Security teams must prioritize the removal of these devices from all production environments immediately.