Which versions of D-Link DI-8400 are affected by CVE-2026-10206?

D-Link DI-8400 routers (firmware ≤16.07.26A1) contain a stack buffer overflow in the administrative interface that could allow authenticated attackers to execute code on the device; publicly…

Is there a public PoC exploit available for CVE-2026-10206?

Yes, a public proof-of-concept exploit is available for CVE-2026-10206. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-10206?

Within 24 hours: Inventory all D-Link DI-8400 routers running firmware 16.07.26A1 or earlier in your environment; immediately restrict administrative access to these devices via firewall rules and disable remote management if not operationally required. Within 7 days: Implement network segmentation to isolate affected routers from critical infrastructure; enforce multi-factor authentication on all administrative accounts; monitor device logs for suspicious login activity. Within 30 days: Check D-Link security advisories weekly for emergency firmware patches; begin procurement process to replace affected routers if no patch is released; evaluate alternative network equipment from vendors with active security update cycles.

D-Link DI-8400 CVE-2026-10206

Q: What is the CVSS score of CVE-2026-10206?

CVE-2026-10206 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-33528 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-06-01 VulDB

GHSA-h983-438c-387c

Buffer Overflow D-Link Stack Overflow

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Jun 01, 2026 - 01:27 vuln.today

v3 (cvss_changed)

Analysis Updated

Jun 01, 2026 - 01:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Jun 01, 2026 - 01:22 vuln.today

cvss_changed

CVSS changed

Jun 01, 2026 - 01:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

Jun 01, 2026 - 00:41 vuln.today

DescriptionCVE.org

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.

AnalysisAI

Stack-based buffer overflow in D-Link DI-8400 routers through firmware 16.07.26A1 allows authenticated remote attackers to corrupt memory by manipulating the 'str' parameter in /dbsrv.asp, potentially achieving code execution on the device. Publicly available exploit code exists, raising the practical risk despite the requirement for low-level privileges per the CVSS 4.0 vector. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Identify exposed DI-8400 web UI

Delivery

Authenticate with low-privilege credentials

Exploit

Send oversized 'str' parameter to /dbsrv.asp

Execution

Overflow stack buffer and hijack return address

Persist

Execute shellcode on router

Impact

Pivot or enroll in botnet

Access

Identify exposed DI-8400 web UI

Delivery

Authenticate with low-privilege credentials

Exploit

Send oversized 'str' parameter to /dbsrv.asp

Execution

Overflow stack buffer and hijack return address

Persist

Execute shellcode on router

Impact

Pivot or enroll in botnet

Vulnerability AssessmentAI

Exploitation	Attacker must have network reachability to the router's web management interface (HTTP/HTTPS, typically port 80/443) and a valid low-privilege web UI account (CVSS PR:L), with no user interaction required. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) indicates network-reachable, low-complexity exploitation requiring only low privileges and no user interaction, with high impact to confidentiality, integrity, and availability of the device itself (scope-changed metrics are N), yielding a base score of 7.4. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with low-privileged credentials to the router's web UI (obtained via default credentials, prior phishing, or credential reuse) sends a crafted HTTP request to /dbsrv.asp with an oversized value in the 'str' parameter (or a related parameter, given the researcher's noted ambiguity), overflowing a stack buffer and overwriting the saved return address to redirect execution. Because publicly available exploit code exists on GitHub, the barrier to weaponization is low, and successful exploitation can yield arbitrary code execution on the router, enabling traffic interception, pivoting into the internal network, or enrollment in a botnet.
Remediation	No vendor-released patch identified at time of analysis; the D-Link advisory page (https://www.dlink.com/) should be monitored for a firmware release superseding 16.07.26A1. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all D-Link DI-8400 routers running firmware 16.07.26A1 or earlier in your environment; immediately restrict administrative access to these devices via firewall rules and disable remote management if not operationally required. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-12174 HIGH This Week POC

7.4 Jun 13

Format string vulnerability in the D-Link DCS-935L 1.10.01 IP camera allows authenticated remote attackers to corrupt me

CVE-2026-10206 vulnerability details – vuln.today

Back