CVE-2026-4184

D-Link · DIR-816

The D-Link DIR-816 is susceptible to a remote stack-based buffer overflow via the pskValue argument in the form2Wl5BasicSetup.cgi script.

Executive summary

A critical stack-based buffer overflow in the D-Link DIR-816 allows remote, unauthenticated attackers to execute arbitrary code or cause a denial of service.

Vulnerability

The flaw is in the GoAhead web server component that handles requests to /goform/form2Wl5BasicSetup.cgi. The pskValue argument (the pre-shared key field of the wireless basic setup form) is written into a fixed-size stack buffer, so a request carrying an oversized pskValue overflows that buffer. Because the handler is reachable without authentication, any client that can reach the device's web interface can trigger the overflow and, with a crafted value, overwrite the return address to gain code execution.

Business impact

A CVSS score of 9.8 reflects an attack that is network-reachable, needs no credentials or user interaction, and can lead to full compromise: the web server on such devices runs with high privileges, so arbitrary code execution gives the attacker control of the router and a foothold on every network behind it. Since the product is no longer supported, no fix will be issued, and the vulnerability remains a permanent risk to any network still running these legacy devices.

Remediation

Immediate Action: Because the product is end-of-life and unsupported, the only effective remediation is to replace the device with a currently supported model.

Proactive Monitoring: Watch the device for web-interface crashes, unexplained reboots and loss of management access, which are the visible symptoms of a failed or denial-of-service exploitation attempt. On any proxy, IDS or packet capture in front of the device, inspect requests to /goform/form2Wl5BasicSetup.cgi for a pskValue parameter that is far longer than a legitimate pre-shared key (at most 63 ASCII characters or 64 hex digits), or that contains non-printable bytes.
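The following C program is an added illustrative example, not D-Link firmware code (the page does not show the vulnerable handler). It reconstructs the bug class described in the Vulnerability section above, an attacker-controlled form parameter copied into a fixed-size stack buffer, beside a validated, bounded version of the same handler, and implements the oversize-pskValue check suggested for proxy or IDS monitoring. The buffer size, the function names, the assumption that the parameter arrives form-encoded, and all request samples are assumptions or constructed data; percent-decoding of the value is omitted.

```c
/* Added illustrative example, not D-Link's code: the stack-overflow pattern
 * behind the advisory (hypothetical reconstruction), a hardened handler, and
 * a request check for detecting oversize pskValue submissions. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PSK_BUF       64   /* assumed size of the handler's on-stack buffer */
#define PSK_ASCII_MIN 8    /* WPA2-PSK passphrase: 8..63 printable ASCII chars */
#define PSK_ASCII_MAX 63
#define PSK_HEX_LEN   64   /* or exactly 64 hex digits (a raw 256-bit PSK) */

#define AFFECTED_CGI "/goform/form2Wl5BasicSetup.cgi"

/* Locate "name=" in a form-encoded parameter string ("a=1&b=2..."). Sets *val to
 * the start of the value and *len to its length (ending at '&', whitespace or
 * end of string). Percent-decoding is deliberately omitted. Returns 1 if found. */
static int form_get(const char *params, const char *name,
                    const char **val, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = params;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            *val = p + nlen + 1;
            *len = strcspn(*val, "& \r\n");
            return 1;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return 0;
}

/* VULNERABLE pattern (hypothetical): the parameter length is never compared to
 * the buffer, so a pskValue longer than PSK_BUF-1 bytes overruns the stack frame
 * and clobbers saved registers and the return address. Shown for contrast; it
 * is only ever called with short input below. */
int handle_basic_setup_vulnerable(const char *body)
{
    char psk[PSK_BUF];
    const char *v; size_t n;
    if (!form_get(body, "pskValue", &v, &n)) return -1;
    memcpy(psk, v, n);          /* n is attacker-controlled: stack overflow */
    psk[n] = '\0';
    return 0;
}

/* Accept only what a WPA2 PSK can legitimately be: 64 hex digits, or 8..63
 * printable ASCII characters. Everything else is rejected before any copy. */
static int valid_psk(const char *v, size_t n)
{
    size_t i;
    if (n == PSK_HEX_LEN) {
        for (i = 0; i < n; i++)
            if (!isxdigit((unsigned char)v[i])) return 0;
        return 1;
    }
    if (n < PSK_ASCII_MIN || n > PSK_ASCII_MAX) return 0;
    for (i = 0; i < n; i++)
        if (v[i] < 0x20 || v[i] > 0x7e) return 0;
    return 1;
}

/* HARDENED handler: validate length and charset first, then do a bounded copy
 * into a buffer sized for the largest value the validator can pass. */
int handle_basic_setup_hardened(const char *body)
{
    char psk[PSK_HEX_LEN + 1];
    const char *v; size_t n;
    if (!form_get(body, "pskValue", &v, &n)) return -1;   /* parameter missing */
    if (!valid_psk(v, n)) return -2;                       /* rejected, nothing copied */
    memcpy(psk, v, n);                                     /* n <= PSK_HEX_LEN here */
    psk[n] = '\0';
    return 0;
}

/* Detection check for a reverse proxy or IDS: flag any request to the affected
 * CGI whose pskValue exceeds the longest legitimate PSK, whether the parameter
 * arrives in a POST body or in a GET query string. body may be NULL. */
int is_suspicious_request(const char *request_line, const char *body)
{
    const char *path = strstr(request_line, AFFECTED_CGI);
    const char *q;
    const char *v; size_t n;
    if (!path) return 0;
    q = strchr(path, '?');
    if (q && form_get(q + 1, "pskValue", &v, &n) && n > PSK_HEX_LEN) return 1;
    if (body && form_get(body, "pskValue", &v, &n) && n > PSK_HEX_LEN) return 1;
    return 0;
}

int main(void)
{
    /* constructed samples: one benign setup request and one 512-byte pskValue */
    const char *benign = "ssid=home&pskValue=correct-horse-battery&apply=1";
    char attack[600] = "ssid=home&pskValue=";
    memset(attack + 19, 'A', 512);
    attack[19 + 512] = '\0';
    strcat(attack, "&apply=1");

    printf("hardened(benign) = %d\n", handle_basic_setup_hardened(benign));
    printf("hardened(attack) = %d\n", handle_basic_setup_hardened(attack));
    printf("suspicious(benign) = %d\n",
           is_suspicious_request("POST " AFFECTED_CGI " HTTP/1.1", benign));
    printf("suspicious(attack) = %d\n",
           is_suspicious_request("POST " AFFECTED_CGI " HTTP/1.1", attack));
    return 0;
}
```

The hardened handler rejects the request before touching the buffer, which is the property that matters: the fix is the validation, and the bounded copy only guarantees the buffer cannot be exceeded even if the validator is later loosened. The detection check uses the same 64-byte ceiling as the validator, so a monitoring rule built on it cannot flag a legitimate key change.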

Compensating Controls: Until the device is replaced, keep its management interface off the internet: disable remote (WAN-side) management, block inbound access to the device's HTTP and HTTPS ports at the perimeter, and restrict LAN-side access to the admin interface to a management VLAN or a small set of administrator hosts. These controls only reduce exposure; the bug itself remains, and any host that can still reach the web interface, including a compromised machine on the LAN, can trigger it without credentials.

Exploitation status

Public Exploit Available: Yes

Analyst recommendation

The reliance on an end-of-life product with a critical, publicly exploitable vulnerability is unacceptable for secure operations. Immediate decommissioning and replacement of the D-Link DIR-816 is strongly advised to eliminate this exposure.