CVE-2026-7853

CRITICAL

D-Link DI-8100 HTTP auto_reboot.asp sprintf buffer overflow

Title source: cna

Description

A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

References (5)

Core 5

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-361130 | D-Link DI-8100 HTTP auto_reboot.asp sprintf buffer overflow

https://vuldb.com/vuln/361130

Signature, Permissions Required signature permissions-required

VDB-361130 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/361130/cti

Third Party Advisory third-party-advisory

Submit #807837 | D-Link DI-8100 16.07.26A1 Denial of Service

https://vuldb.com/submit/807837

Exploit exploit

https://github.com/draw-ctf/report/blob/main/DI-8100/auto_reboot_asp_overflow.md

View Exploit ZIP pw:eip

Product product

https://www.dlink.com/

Scores

CVSS v3 9.8

EPSS 0.0010

EPSS Percentile 26.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-119 CWE-120

Status published

Products (2)

D-Link/DI-8100 16.07.26A1

dlink/di-8100_firmware 16.07.26a1

Published May 05, 2026

Tracked Since May 05, 2026