Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
CVE-2026-7853: D-Link DI-8100 allows remote code execution via buffer overflow
CVE-2026-7853
Summary
The D-Link DI-8100's HTTP Handler has a weakness that can allow hackers to execute malicious code remotely. This can be done by sending a specially crafted message to the device. We recommend updating the device to the latest available version to fix this issue.
Original title
A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/ti...
Original description
A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-119
Buffer Overflow
CWE-120
Classic Buffer Overflow
Published: 5 May 2026 · Updated: 30 May 2026 · First seen: 5 May 2026