CVE-2026-10270

HIGH

D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow

Title source: cna

Description

A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.

References (7)

Core 7

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-367549 | D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow

https://vuldb.com/vuln/367549

Signature, Permissions Required signature permissions-required

VDB-367549 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/367549/cti

Third Party Advisory third-party-advisory

CVE-2026-10270 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-10270

Third Party Advisory third-party-advisory

Submit #825198 | D-Link DI-7001MINI-8G <=19.09.19A1 Buffer Overflow

https://vuldb.com/submit/825198

Related related

https://github.com/666324/dlink-DI-7001MINI-8G-vuln

View Writeup ZIP pw:eip

Exploit exploit

https://github.com/666324/dlink-DI-7001MINI-8G-vuln/tree/main/dlink-DI-7001MINI-8G-vuln

View Exploit ZIP pw:eip

Product product

https://www.dlink.com/

Scores

CVSS v3 8.8

EPSS 0.0123

EPSS Percentile 64.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119 CWE-121

Status published

Products (2)

D-Link/DI-7001 MINI 19.09.19A1

dlink/di-7001mini-8g_firmware 19.09.19a1

Published Jun 01, 2026

Tracked Since Jun 01, 2026