D-Link DI-8100 CVE-2026-7248

| EUVD-2026-26019 HIGH
Buffer Overflow (CWE-119)
2026-04-28 [email protected]
Buffer Overflow D-Link
8.9
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Re-analysis Queued
Apr 28, 2026 - 20:38 vuln.today
cvss_changed
Analysis Generated
Apr 28, 2026 - 09:32 vuln.today

DescriptionNVD

A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

AnalysisAI

Remote code execution in D-Link DI-8100 router firmware 16.07.26A1 allows unauthenticated attackers to compromise the device via buffer overflow in the CGI endpoint. The vulnerability resides in the tgfile.htm CGI handler where inadequate input validation of the 'fn' parameter enables attackers to overflow a stack or heap buffer. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify and inventory all D-Link DI-8100 routers running firmware version 16.07.26A1 in your environment; immediately isolate affected devices from internet-facing access and restrict administrative access to trusted networks only. Within 7 days: Contact D-Link support to confirm available firmware updates beyond 16.07.26A1 and test in a controlled environment; if no newer firmware is available, implement network segmentation to prevent direct internet access to the router's web interface. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-7069 HIGH POC
7.3 Apr 27

Buffer overflow in D-Link DIR-825 router's miniupnpd service allows authenticated adjacent network attackers to achieve

CVE-2026-6947 HIGH
8.7 Apr 24

Brute-force protection bypass in D-Link DWM-222W USB Wi-Fi Adapter allows remote unauthenticated attackers to perform un
CVE-2026-7068 HIGH
7.4 Apr 27

Stack-based buffer overflow in D-Link DIR-825 firmware 3.00b32's nmbd NetBIOS service allows adjacent network attackers

CVE-2026-7288 HIGH
7.4 Apr 28

Buffer overflow in D-Link DIR-825M 1.1.12 router allows authenticated remote attackers to achieve high-severity code exe
CVE-2026-7289 HIGH
7.4 Apr 28

Remote authenticated attackers can execute arbitrary code on D-Link DIR-825M routers (firmware 1.1.12) by sending specia

Share

CVE-2026-7248 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy