44
CVEs
5
Critical
21
High
0
KEV
26
PoC
25
Unpatched C/H
4.5%
Patch Rate
0.2%
Avg EPSS
Severity Breakdown
CRITICAL
5
HIGH
21
MEDIUM
6
LOW
12
Monthly CVE Trend
Affected Products (30)
PHP
94
Dir 619l Firmware
63
Dir 816 Firmware
62
Dir 823G Firmware
58
Dir 605l Firmware
56
Dir 878 Firmware
38
Dir 513 Firmware
34
Dns 320 Firmware
27
Dir 882 Firmware
26
Dns 320Lw Firmware
25
Dns 325 Firmware
25
Dns 327L Firmware
24
Dnr 326 Firmware
24
Dns 340L Firmware
24
Dar 7000 Firmware
23
Dns 320L Firmware
23
Dns 345 Firmware
22
Dnr 322L Firmware
22
Dir 850L Firmware
22
Dwr M960 Firmware
22
Dsl 3782 Firmware
22
Dns 726 4 Firmware
21
Dns 1100 4 Firmware
21
Dnr 202L Firmware
21
Dns 1200 05 Firmware
21
Dns 326 Firmware
21
Dns 315L Firmware
21
Dns 120 Firmware
21
Dns 321 Firmware
21
Dns 1550 04 Firmware
21
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-7853 | Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows remote unauthenticated attackers to execute arbitrary code via crafted HTTP requests to /auto_reboot.asp. The vulnerability exploits unsafe sprintf calls handling the 'enable' and 'time' parameters in the auto-reboot feature's HTTP handler. A public proof-of-concept exploit is available on GitHub, significantly lowering the barrier to exploitation. CVSS 8.9 with EPSS and attack complexity both low indicate high real-world risk for internet-facing devices running this firmware version. | HIGH | 8.9 | 0.1% | 65 |
PoC
No patch
|
| CVE-2026-7854 | Remote unauthenticated buffer overflow in D-Link DI-8100 firmware 16.07.26A1 enables attackers to execute arbitrary code, compromise device integrity, and cause denial of service via crafted POST requests to /url_rule.asp. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation. The CVSS 9.8 critical score reflects network-based remote attack requiring no authentication or user interaction, though no active exploitation has been confirmed via CISA KEV at time of analysis. | HIGH | 8.9 | 0.1% | 65 |
PoC
No patch
|
| CVE-2018-25358 | D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.7 | 0.1% | 64 |
PoC
No patch
|
| CVE-2026-13545 | OS command injection in the D-Link DCS-935L Wi-Fi network camera (firmware 1.10.01) lets a remote attacker inject arbitrary operating-system commands through the UID POST parameter handled by the sub_400E40 function in setconf.cgi. The CVSS 4.0 vector requires low privileges (PR:L), so an attacker needs some level of authenticated/session access, after which they gain full confidentiality, integrity, and availability impact on the device. Publicly available exploit code exists (disclosed via VulDB), though there is no public exploit identified as actively exploited in the wild. | HIGH | 7.4 | 1.6% | 59 |
PoC
No patch
|
| CVE-2026-10206 | Stack-based buffer overflow in D-Link DI-8400 routers through firmware 16.07.26A1 allows authenticated remote attackers to corrupt memory by manipulating the 'str' parameter in /dbsrv.asp, potentially achieving code execution on the device. Publicly available exploit code exists, raising the practical risk despite the requirement for low-level privileges per the CVSS 4.0 vector. The original researcher advisory notes contradictory parameter names, introducing some uncertainty about the exact trigger field. | HIGH | 7.4 | 0.1% | 57 |
PoC
No patch
|
| CVE-2026-10270 | Stack-based buffer overflow in D-Link DI-7001 MINI routers (firmware up to 19.09.19A1) allows authenticated remote attackers to corrupt memory via the Time parameter passed to the sprintf function in /httpd_debug.asp. Publicly available exploit code exists on GitHub, and the CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact with low privilege requirement and no user interaction. The vulnerability targets an embedded networking appliance commonly deployed at SMB and branch-office perimeters, increasing exposure risk where the management interface is reachable. | HIGH | 7.4 | 0.1% | 57 |
PoC
No patch
|
| CVE-2026-12174 | Format string vulnerability in the D-Link DCS-935L 1.10.01 IP camera allows authenticated remote attackers to corrupt memory and likely achieve information disclosure or code execution by manipulating the data argument passed to snprintf within the /web/cgi-bin/greece/rhea HTTP handler. Publicly available exploit code exists per VulDB submission, though this CVE is not on the CISA KEV list. The CVSS 4.0 score of 7.4 reflects high impact on confidentiality, integrity, and availability with low-privilege authentication required. | HIGH | 7.4 | 0.1% | 57 |
PoC
No patch
|
| CVE-2026-8260 | Buffer overflow in D-Link DCS-935L camera firmware versions up to 1.10.01 allows authenticated remote attackers to achieve complete system compromise via crafted AdminPassword parameter to the HNAP service. Public exploit code exists on GitHub (0xcc12138/DCS-935L-HNAP-Service-CVE), demonstrating weaponization of this vulnerability. CVSS 4.0 score of 7.4 with CVSS:4.0/E:P confirms proof-of-concept exploitation. While authentication is required (PR:L), the low attack complexity (AC:L) and network attack vector (AV:N) combined with publicly available exploit code make this a practical remote exploitation risk for devices exposed to untrusted networks or compromised accounts. | HIGH | 7.4 | 0.0% | 57 |
PoC
No patch
|
| CVE-2026-7855 | Buffer overflow in D-Link DI-8100 router (firmware 16.07.26A1) allows authenticated remote attackers to execute arbitrary code or crash the device via crafted HTTP requests to the /tggl.asp endpoint. The vulnerability affects the tggl_asp function's Name parameter handling. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation for attackers with valid router credentials. | HIGH | 7.4 | 0.0% | 57 |
PoC
No patch
|
| CVE-2026-7851 | Stack-based buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows authenticated remote attackers with high privileges to execute arbitrary code via malformed ID parameter to yyxz.asp administrative interface. Public exploit code exists on GitHub, demonstrating reliable exploitation. CVSS 7.3 (High) reflects network attack vector but requires admin-level authentication, limiting real-world exposure to compromised credentials or insider scenarios. | HIGH | 7.3 | 0.1% | 57 |
PoC
No patch
|
| CVE-2026-7856 | Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows authenticated administrators to execute arbitrary code via crafted 'Name' parameter to /url_member.asp in the web management interface. Public exploit code exists on GitHub, demonstrating active proof-of-concept availability. EPSS data unavailable; CVSS 7.2 reflects high impact but limited by requirement for high-privilege (admin) authentication, reducing real-world urgency for most organizations unless admin credentials are compromised or insider threat exists. | HIGH | 7.3 | 0.1% | 57 |
PoC
No patch
|
| CVE-2026-7857 | Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 enables authenticated remote code execution via crafted input to the /user_group.asp CGI handler. Attackers with high-privilege (administrator) credentials can exploit the unsafe sprintf function to achieve arbitrary code execution with complete system compromise. Public exploit code exists on GitHub, significantly lowering the barrier to exploitation despite the high-privilege requirement. | HIGH | 7.3 | 0.1% | 57 |
PoC
No patch
|
| CVE-2026-7069 | Buffer overflow in D-Link DIR-825 router's miniupnpd service allows authenticated adjacent network attackers to achieve complete device compromise through malicious UPnP SOAP requests. Affects DIR-825 firmware versions up to 3.00b32, which D-Link no longer supports. Public exploit code exists (CVSS:4.0 7.3 High), but EPSS probability remains low at 0.03% (7th percentile), suggesting limited real-world exploitation activity. Remediation options are constrained as the product has reached end-of-life status. | HIGH | 7.3 | 0.0% | 57 |
PoC
No patch
|
| CVE-2026-15270 | Least-privilege violation in the D-Link DIR-823G router (firmware 1.0.2B05_20181207) stems from insecure configuration of the Boa web server via /etc/boa/boa.conf, allowing an authenticated remote attacker to abuse over-broad privileges to compromise confidentiality, integrity, and availability. Publicly available exploit code exists, but the CVSS 4.0 vector rates attack complexity high (AC:H) and vendor guidance notes exploitation is difficult; there is no public exploit identified as actively exploited (not in CISA KEV). EPSS data was not supplied, but the low-privilege network vector combined with full CIA impact makes this a meaningful risk on exposed devices. | MEDIUM | 6.8 | 0.4% | 54 |
PoC
No patch
|
| CVE-2026-42374 | D-Link DIR-600L Hardware Revision B1 routers expose a hardcoded telnet backdoor granting unauthenticated remote attackers root shell access via static credentials ('Alphanetworks' / 'wrgn61_dlwbr_dir600L'). The vulnerability affects End-of-Life devices that will never receive patches, making permanent network isolation or replacement the only remediation options. With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and publicly documented credentials, this represents critical risk for any exposed device, though exploitation requires local network access despite the 'Network' attack vector classification. | CRITICAL | 9.8 | 0.1% | 49 |
No patch
|