CVE-2026-7247

HIGH

D-Link DI-8100 File Extension file_exten.asp file_exten_asp buffer overflow

Title source: cna

Description

A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the file file_exten.asp of the component File Extension Handler. The manipulation of the argument Name leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

References (5)

[Exploit] https://github.com/draw-ctf/report/blob/main/DI-8100/file_exten_asp_overflow.md

View Exploit ZIP pw:eip

[Product] https://www.dlink.com/

[Vdb Entry, Technical Description] https://vuldb.com/vuln/359856

[Signature, Permissions Required] https://vuldb.com/vuln/359856/cti

[Third Party Advisory] https://vuldb.com/submit/802868

Scores

CVSS v3 7.2

EPSS 0.0004

EPSS Percentile 13.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-119 CWE-120

Status published

Products (1)

D-Link/DI-8100 16.07.26A1

Published Apr 28, 2026

Tracked Since Apr 28, 2026