CVE-2026-4184
D-Link · DIR-816
The D-Link DIR-816 is susceptible to a remote stack-based buffer overflow via the pskValue argument in the form2Wl5BasicSetup.cgi script.
Executive summary
A critical stack-based buffer overflow in the D-Link DIR-816 allows remote, unauthenticated attackers to execute arbitrary code or cause a denial of service.
Vulnerability
The vulnerability resides in the goahead component within the /goform/form2Wl5BasicSetup.cgi file. By manipulating the pskValue argument, an unauthenticated remote attacker can trigger a stack-based buffer overflow.
Business impact
A CVSS score of 9.8 reflects the potential for full system compromise, including the execution of arbitrary code with high privileges. Since the product is no longer supported, this vulnerability remains a permanent risk to any network utilizing these legacy devices.
Remediation
Immediate Action: Because the product is end-of-life and unsupported, the only effective remediation is to replace the device with a currently supported model.
Proactive Monitoring: Watch for unexpected crashes or restarts of the device's web interface, and inspect web request logs for unusually long or malformed parameter values, particularly in requests to the wireless setup form.
Compensating Controls: Place the device behind a robust firewall and disable remote management interfaces to minimize exposure to external attack vectors.
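The log inspection suggested above can be automated. The following script is an added example and is not part of this advisory or of any D-Link software; it assumes a reverse proxy or network sensor in front of the router that records each request's line and form body as one JSON object per line (a constructed format), and it flags any request to /goform/form2Wl5BasicSetup.cgi whose pskValue is longer than the longest legal WPA pre-shared key (63 passphrase characters or 64 hex digits) or contains non-printable bytes. The sample records are constructed.

```python
"""Flag requests to the DIR-816 form2Wl5BasicSetup.cgi handler whose pskValue
parameter is longer than any valid WPA/WPA2 pre-shared key or is malformed.

Assumption: a proxy or sensor in front of the router logs one JSON record per
request with the fields ts, src, method, path, query and body.
"""
import json
from urllib.parse import parse_qs

TARGET_PATH = "/goform/form2Wl5BasicSetup.cgi"
PARAM = "pskValue"
# Longest legitimate WPA/WPA2 PSK: a 63-character passphrase or 64 hex digits.
MAX_PSK_LEN = 64

# Constructed sample records (not real traffic). The third record carries a
# 300-byte value, far beyond any valid PSK; the fourth carries NUL bytes.
SAMPLE_RECORDS = [
    {"ts": "2026-03-01T10:00:01Z", "src": "192.0.2.10", "method": "POST",
     "path": TARGET_PATH, "query": "",
     "body": "ssid=Home&pskValue=correct+horse+battery+staple&apply=Apply"},
    {"ts": "2026-03-01T10:00:02Z", "src": "192.0.2.10", "method": "GET",
     "path": "/index.asp", "query": "", "body": ""},
    {"ts": "2026-03-01T10:00:03Z", "src": "203.0.113.5", "method": "POST",
     "path": TARGET_PATH, "query": "",
     "body": "ssid=Home&pskValue=" + "A" * 300 + "&apply=Apply"},
    {"ts": "2026-03-01T10:00:04Z", "src": "203.0.113.5", "method": "GET",
     "path": TARGET_PATH, "query": "pskValue=%00%00%00&ssid=x", "body": ""},
]
SAMPLE_LOG = [json.dumps(r) for r in SAMPLE_RECORDS]


def psk_values(record):
    """Return every pskValue submitted to the target handler, from the query
    string and the form body (the form can be sent either way)."""
    if record.get("path") != TARGET_PATH:
        return []
    values = []
    for source in ("query", "body"):
        params = parse_qs(record.get(source) or "", keep_blank_values=True)
        values.extend(params.get(PARAM, []))
    return values


def classify(value):
    """Return a reason string if the value could not be a legitimate PSK,
    otherwise None."""
    if len(value) > MAX_PSK_LEN:
        return "overlong"
    if not value.isprintable():
        return "malformed"
    return None


def scan(lines):
    """Scan JSON log lines and return one finding per suspicious pskValue."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        record = json.loads(line)
        for value in psk_values(record):
            reason = classify(value)
            if reason is not None:
                findings.append({
                    "ts": record.get("ts"),
                    "src": record.get("src"),
                    "method": record.get("method"),
                    "reason": reason,
                    "length": len(value),
                })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("{ts} {src} {method} {reason} pskValue length={length}".format(**finding))
```

The length threshold is taken from the WPA passphrase format rather than from the firmware's internal buffer size, which the advisory does not state; any value longer than a legal PSK is suspicious regardless of where the overflow actually occurs. In a real deployment, feed the script from the proxy or sensor's log file and forward findings to the SIEM alongside a watch for device reboots.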
Exploitation status
Public Exploit Available: Yes
Analyst recommendation
The reliance on an end-of-life product with a critical, publicly exploitable vulnerability is unacceptable for secure operations. Immediate decommissioning and replacement of the D-Link DIR-816 is strongly advised to eliminate this exposure.