CVE-2026-7247

HIGH

D-Link DI-8100 File Extension file_exten.asp file_exten_asp buffer overflow

Title source: cna

Description

A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the file file_exten.asp of the component File Extension Handler. The manipulation of the argument Name leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

References (5)

Core 5

Core References

Exploit exploit

https://github.com/draw-ctf/report/blob/main/DI-8100/file_exten_asp_overflow.md

View Exploit ZIP pw:eip

Product product

https://www.dlink.com/

Vdb Entry, Technical Description vdb-entry technical-description

VDB-359856 | D-Link DI-8100 File Extension file_exten.asp file_exten_asp buffer overflow

https://vuldb.com/vuln/359856

Signature, Permissions Required signature permissions-required

VDB-359856 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/359856/cti

Third Party Advisory third-party-advisory

Submit #802868 | D-Link DI-8100 16.07.26A1 Denial of Service

https://vuldb.com/submit/802868

Scores

CVSS v3 7.2

EPSS 0.0072

EPSS Percentile 48.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-119 CWE-120

Status published

Products (2)

D-Link/DI-8100 16.07.26A1

dlink/di-8100_firmware 16.07.26a1

Published Apr 28, 2026

Tracked Since Apr 28, 2026