Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
AnalysisAI
Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows remote unauthenticated attackers to execute arbitrary code via crafted HTTP requests to /auto_reboot.asp. The vulnerability exploits unsafe sprintf calls handling the 'enable' and 'time' parameters in the auto-reboot feature's HTTP handler. A public proof-of-concept exploit is available on GitHub, significantly lowering the barrier to exploitation. CVSS 8.9 with EPSS and attack complexity both low indicate high real-world risk for internet-facing devices running this firmware version.
Technical ContextAI
The vulnerability resides in the HTTP request handler for /auto_reboot.asp, specifically in the sprintf function implementation within the D-Link DI-8100's web management interface. CWE-120 (Buffer Copy without Checking Size of Input) indicates classic unsafe string handling where user-supplied parameters 'enable' and 'time' are copied into a fixed-size buffer without bounds checking. The sprintf C function writes formatted output to a buffer but does not verify destination buffer capacity, allowing input exceeding buffer size to overwrite adjacent memory regions including return addresses, function pointers, or other critical data structures. This is a stack-based buffer overflow given the typical usage pattern of sprintf with automatic storage duration buffers in embedded device firmware. The D-Link DI-8100 is a multi-WAN VPN router running embedded Linux with a proprietary web administration interface, making memory corruption vulnerabilities particularly impactful as the HTTP handler likely runs with elevated privileges necessary for system configuration changes.
RemediationAI
Contact D-Link support immediately to confirm availability of patched firmware newer than 16.07.26A1, as no specific fix version is identified in current vulnerability disclosures or vendor advisories (https://www.dlink.com/). Until a verified patch is deployed, implement network-layer compensating controls: restrict access to the web management interface (typically TCP ports 80/443) to trusted administrative networks only via firewall rules or access control lists, ensuring the management interface is NOT reachable from WAN/internet interfaces. If remote administration is required, enforce access exclusively through VPN with multi-factor authentication. Consider disabling the auto-reboot feature entirely if operationally feasible, though this may not fully mitigate risk if the unsafe sprintf pattern exists in other HTTP handlers. Monitor for HTTP requests to /auto_reboot.asp with unusually long 'enable' or 'time' parameter values (>256 bytes) as potential exploitation attempts. WARNING: Disabling WAN management access may complicate remote troubleshooting; evaluate this trade-off against exploitation risk for your deployment. Given the device's end-of-life status (firmware dated 2016-2017), consider hardware replacement with currently supported models if vendor confirms no patch will be released.
The D-Link DIR-645 Wired/Wireless Router Rev. Rated high severity (CVSS 8.8), this vulnerability is no authentication re
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. Rated critical severity (
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Rated high severity (CVSS 8.0)
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated use
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?RE
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. Rated medium severity (CVSS 4.3), thi
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remot
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals
The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an
An OS command injection vulnerability exists in various legacy D-Link routers-including DIR-300 rev B and DIR-600 (firmw
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27418
GHSA-mrhg-43m6-jq5j