Which versions of D-Link DI-8100 are affected by CVE-2026-7857?

CVE-2026-7857 is a buffer overflow in D-Link DI-8100 router firmware (version 16.07.26A1) that allows authenticated administrators to execute arbitrary code and fully compromise the device.

Is there a public PoC exploit available for CVE-2026-7857?

Yes, a public proof-of-concept exploit is available for CVE-2026-7857. Prioritise patching immediately. EPSS: 0.1%.

D-Link DI-8100 CVE-2026-7857

Q: What is the CVSS score of CVE-2026-7857?

CVE-2026-7857 has a CVSS 4.0 base score of 7.3 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-27488 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-05 VulDB

GHSA-v647-rh6c-m9fr

Buffer Overflow D-Link

7.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

May 05, 2026 - 20:22 vuln.today

cvss_changed

CVSS changed

May 05, 2026 - 20:22 NVD

7.2 (HIGH) 7.3 (HIGH)

Analysis Generated

May 05, 2026 - 20:00 vuln.today

DescriptionNVD

A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 enables authenticated remote code execution via crafted input to the /user_group.asp CGI handler. Attackers with high-privilege (administrator) credentials can exploit the unsafe sprintf function to achieve arbitrary code execution with complete system compromise. …

RemediationAI

Within 24 hours: Inventory all D-Link DI-8100 devices running firmware 16.07.26A1 and document their network locations and administrative access controls. Within 7 days: Implement network segmentation to isolate affected routers from critical systems; restrict administrator account access via principle of least privilege and enforce MFA on remaining administrative accounts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-4377 MEDIUM This Month

6.0 May 28

Weak default credential generation in the D-Link DWR-X1820 router exposes administrative access to adjacent-network atta

CVE-2026-7857 vulnerability details – vuln.today

Back

D-Link DI-8100 CVE-2026-7857

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

D-Link DI-8100 CVE-2026-7857

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code