Skip to main content

D-Link DI-8100 CVE-2026-7853

| EUVDEUVD-2026-27418 HIGH
Classic Buffer Overflow (CWE-120)
2026-05-05 VulDB GHSA-mrhg-43m6-jq5j
8.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.9 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 05, 2026 - 18:30 vuln.today
Severity Changed
May 05, 2026 - 18:22 NVD
CRITICAL HIGH
CVSS changed
May 05, 2026 - 18:22 NVD
9.8 (CRITICAL) 8.9 (HIGH)

DescriptionCVE.org

A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

AnalysisAI

Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows remote unauthenticated attackers to execute arbitrary code via crafted HTTP requests to /auto_reboot.asp. The vulnerability exploits unsafe sprintf calls handling the 'enable' and 'time' parameters in the auto-reboot feature's HTTP handler. A public proof-of-concept exploit is available on GitHub, significantly lowering the barrier to exploitation. CVSS 8.9 with EPSS and attack complexity both low indicate high real-world risk for internet-facing devices running this firmware version.

Technical ContextAI

The vulnerability resides in the HTTP request handler for /auto_reboot.asp, specifically in the sprintf function implementation within the D-Link DI-8100's web management interface. CWE-120 (Buffer Copy without Checking Size of Input) indicates classic unsafe string handling where user-supplied parameters 'enable' and 'time' are copied into a fixed-size buffer without bounds checking. The sprintf C function writes formatted output to a buffer but does not verify destination buffer capacity, allowing input exceeding buffer size to overwrite adjacent memory regions including return addresses, function pointers, or other critical data structures. This is a stack-based buffer overflow given the typical usage pattern of sprintf with automatic storage duration buffers in embedded device firmware. The D-Link DI-8100 is a multi-WAN VPN router running embedded Linux with a proprietary web administration interface, making memory corruption vulnerabilities particularly impactful as the HTTP handler likely runs with elevated privileges necessary for system configuration changes.

RemediationAI

Contact D-Link support immediately to confirm availability of patched firmware newer than 16.07.26A1, as no specific fix version is identified in current vulnerability disclosures or vendor advisories (https://www.dlink.com/). Until a verified patch is deployed, implement network-layer compensating controls: restrict access to the web management interface (typically TCP ports 80/443) to trusted administrative networks only via firewall rules or access control lists, ensuring the management interface is NOT reachable from WAN/internet interfaces. If remote administration is required, enforce access exclusively through VPN with multi-factor authentication. Consider disabling the auto-reboot feature entirely if operationally feasible, though this may not fully mitigate risk if the unsafe sprintf pattern exists in other HTTP handlers. Monitor for HTTP requests to /auto_reboot.asp with unusually long 'enable' or 'time' parameter values (>256 bytes) as potential exploitation attempts. WARNING: Disabling WAN management access may complicate remote troubleshooting; evaluate this trade-off against exploitation risk for your deployment. Given the device's end-of-life status (firmware dated 2016-2017), consider hardware replacement with currently supported models if vendor confirms no patch will be released.

More in D-Link

View all
CVE-2015-2051 HIGH POC
8.8 Feb 23

The D-Link DIR-645 Wired/Wireless Router Rev. Rated high severity (CVSS 8.8), this vulnerability is no authentication re

CVE-2015-1187 CRITICAL POC
9.8 Sep 21

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr

CVE-2022-26258 CRITICAL POC
9.8 Mar 28

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set

CVE-2014-3936 CRITICAL POC
10.0 Jun 02

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. Rated critical severity (

CVE-2014-100005 HIGH POC
8.0 Jan 13

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Rated high severity (CVSS 8.0)

CVE-2015-2049 CRITICAL POC
9.0 Feb 23

Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated use

CVE-2017-12943 CRITICAL POC
9.8 Aug 18

D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?RE

CVE-2013-7389 MEDIUM POC
4.3 Jul 07

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. Rated medium severity (CVSS 4.3), thi

CVE-2015-7245 HIGH POC
7.5 Apr 24

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remot

CVE-2024-57045 CRITICAL POC
9.8 Feb 18

A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals

CVE-2013-10069 CRITICAL POC
10.0 Aug 05

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an

CVE-2013-10048 CRITICAL POC
9.3 Aug 01

An OS command injection vulnerability exists in various legacy D-Link routers-including DIR-300 rev B and DIR-600 (firmw

Share

CVE-2026-7853 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy