CVE-2026-9460

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made...

CVE-2026-9460 Edimax EW-7438RPn formAccept stack-based overflow

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made...

CVE-2026-9440

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

CVE-2026-9361

A weakness has been identified in Edimax EW-7438RPn 1.12. This affects the function formAccept of the file /goform/formAccep of the component POST Request Handler. This manipulation of the argument submit-url causes command injection. The attack may be initiated remotely. The exploit has been mad...

CVE-2026-9346

CVE-2026-9346 affects Edimax EW-7438RPn firmware up to 1.31, impacting the webs component’s function formWirelessTbl in /goform/formWirelessTbl. The vulnerability stems from manipulating the submit-url argument, leading to a buffer overflow that can be triggered remotely. Public exploit appears t...

CVE-2026-2960

The CVE-2026-2960 affects D-Link DWR-M960 firmware 1.01.07. A flaw in the /boafrm/formDhcpv6s module’s sub_468D64 function allows manipulation of the submit-url to cause a stack-based buffer overflow, enabling remote access. Exploit details have been published and may be used. Remediation recomme...

CVE-2026-2926

A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2026-2926

A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2026-2926

CVE-2026-2926 affects D-Link DWR-M960 with firmware 1.01.07. The flaw resides in the LTE Configuration Endpoint, specifically the function sub_4237AC in /boafrm/formLteSetup, where manipulating the argument submit-url can cause a stack-based buffer overflow. The attack is network-based and can be...

CVE-2026-2925 D-Link DWR-M960 Bridge VLAN Configuration Endpoint formBridgeVlan sub_42B5A0 stack-based overflow

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack...

CVE-2026-2882

A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made...

CVE-2026-2883

A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed an...

CVE-2026-2882

A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made...

CVE-2026-2882 D-Link DWR-M960 formDosCfg sub_46385C stack-based overflow

A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made...

PT-2026-21393

Name of the Vulnerable Software and Affected Versions D-Link DWR-M960 version 1.01.07 Description A flaw exists in the D-Link DWR-M960 router, specifically within the sub 427D74 function located in the /boafrm/formIpQoS component. Manipulation of the submit-url argument can trigger a stack-based...

CVE-2026-2855 D-Link DWR-M960 DDNS Settings formDdns sub_4648F0 stack-based overflow

A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit ha...

CVE-2026-2854 D-Link DWR-M960 NTP Configuration Endpoint formNtp sub_4611CC stack-based overflow

A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2026-1970

A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redirect. The attack can be initiated remotely. The exploit has been published and may be used. The...

CVE-2025-15193

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and...

CVE-2025-15193

The CVE-2025-15193 entry details a buffer overflow in D-Link DWR-M920 (firmware ≤ 1.1.50) caused by manipulating the submit-url argument in function sub_423848 of /boafrm/formParentControl. Exploitation can be remote, and public PoCs exist. Affected product is DWR-M920; root cause is improper han...