CVE-2026-7248

CRITICAL

D-Link DI-8100 CGI Endpoint tgfile.htm tgfile_htm buffer overflow

Title source: cna

Description

A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/359857

[Signature, Permissions Required] https://vuldb.com/vuln/359857/cti

[Third Party Advisory] https://vuldb.com/submit/802869

[Exploit] https://github.com/draw-ctf/report/blob/main/DI-8100/DI-8100_tgfile_htm_overflow.md

View Exploit ZIP pw:eip

[Product] https://www.dlink.com/

Scores

CVSS v3 9.8

EPSS 0.0002

EPSS Percentile 6.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-119 CWE-120

Status published

Products (1)

D-Link/DI-8100 16.07.26A1

Published Apr 28, 2026

Tracked Since Apr 28, 2026