CVE-2026-10206

HIGH

D-Link DI-8400 dbsrv.asp stack-based overflow

Title source: cna

Description

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.

References (6)

Core 6

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-367486 | D-Link DI-8400 dbsrv.asp stack-based overflow

https://vuldb.com/vuln/367486

Signature, Permissions Required signature permissions-required

VDB-367486 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/367486/cti

Third Party Advisory third-party-advisory

CVE-2026-10206 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-10206

Third Party Advisory third-party-advisory

Submit #821716 | D-Link DI-8400 <=v16.07.26A1 Buffer Overflow

https://vuldb.com/submit/821716

Exploit exploit

https://github.com/666324/dlink-di8400-vuln/tree/main/dlink-di8400-vuln

View Exploit ZIP pw:eip

Product product

https://www.dlink.com/

Scores

CVSS v3 8.8

EPSS 0.0050

EPSS Percentile 38.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-119 CWE-121

Status published

Products (1)

D-Link/DI-8400 16.07.26A1

Published Jun 01, 2026

Tracked Since Jun 01, 2026