Which versions of D-Link DI-8100 are affected by CVE-2026-7853?

CVE-2026-7853 is a critical remote code execution vulnerability affecting D-Link DI-8100 routers running firmware 16.07.26A1, enabling unauthenticated attackers to compromise devices through HTTP…

Is there a public PoC exploit available for CVE-2026-7853?

Yes, a public proof-of-concept exploit is available for CVE-2026-7853. Prioritise patching immediately. EPSS: 0.1%.

D-Link DI-8100 CVE-2026-7853

Q: What is the CVSS score of CVE-2026-7853?

CVE-2026-7853 has a CVSS 4.0 base score of 8.9 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-27418 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-05 VulDB

GHSA-mrhg-43m6-jq5j

Buffer Overflow D-Link

8.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 05, 2026 - 18:30 vuln.today

Severity Changed

May 05, 2026 - 18:22 NVD

CRITICAL HIGH

CVSS changed

May 05, 2026 - 18:22 NVD

9.8 (CRITICAL) 8.9 (HIGH)

DescriptionNVD

A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

AnalysisAI

Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows remote unauthenticated attackers to execute arbitrary code via crafted HTTP requests to /auto_reboot.asp. The vulnerability exploits unsafe sprintf calls handling the 'enable' and 'time' parameters in the auto-reboot feature's HTTP handler. …

RemediationAI

Within 24 hours: Identify all D-Link DI-8100 devices on the network and document firmware versions via administrative access or network scanning; isolate any devices running firmware 16.07.26A1 from production networks if possible. Within 7 days: Contact D-Link support to determine if a patched firmware version exists beyond 16.07.26A1, and test any available firmware updates in a controlled environment; implement network segmentation to restrict HTTP access to the /auto_reboot.asp endpoint via firewall rules. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-4377 MEDIUM This Month

6.0 May 28

Weak default credential generation in the D-Link DWR-X1820 router exposes administrative access to adjacent-network atta

CVE-2026-7853 vulnerability details – vuln.today

Back

D-Link DI-8100 CVE-2026-7853

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

D-Link DI-8100 CVE-2026-7853

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code