CVE-2026-7851
Awaiting Analysis Awaiting Analysis - Queue
Stack-Based Buffer Overflow in D-Link DI-8100 Router

Publication date: 2026-05-05

Last updated on: 2026-05-06

Assigner: VulDB

Description
A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7851
EUVD
EUVD-2026-27416
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dlink di-8100_firmware 16.07.26a1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7851 is a stack-based buffer overflow vulnerability found in the D-Link DI-8100 router's firmware version 16.07.26A1. It occurs in the yyxz.asp endpoint where the 'id' parameter is handled improperly without length validation or input sanitization.

The vulnerability arises because the application concatenates user input with a fixed prefix and writes it into a small stack buffer, which can overflow if the input is too long.

This flaw can be exploited remotely with low complexity and no user interaction, but valid administrative credentials are required to access the web interface.

Exploitation can cause the HTTP service to crash or potentially allow execution of arbitrary code, leading to full system compromise.

Impact Analysis

This vulnerability can have severe impacts including confidentiality, integrity, and availability of the affected device.

  • An attacker with administrative credentials can remotely exploit the buffer overflow to execute arbitrary code.
  • This could lead to full system compromise, allowing modification of system settings or files.
  • The device could also be crashed, causing denial of service.
Detection Guidance

This vulnerability can be detected by sending crafted HTTP POST requests to the yyxz.asp endpoint of the D-Link DI-8100 router's web interface, specifically targeting the 'id' parameter with a long string payload.

A proof of concept involves sending HTTP POST requests with varying lengths of the 'id' parameter to observe if the HTTP service crashes, which indicates a successful buffer overflow.

Since valid administrative credentials are required to access the web interface, detection commands should be executed with authorized access.

  • Use curl or similar tools to send a POST request with a long 'id' parameter, for example: curl -X POST -d "id=$(python3 -c 'print("A"*1000)')" http://<router-ip>/yyxz.asp
  • Monitor the router's HTTP service for crashes or unresponsiveness after sending the payload.
Mitigation Strategies

Immediate mitigation steps include restricting access to the router's web interface to trusted administrators only, ensuring that only authorized users with valid credentials can reach the yyxz.asp endpoint.

Avoid exposing the router's management interface to untrusted networks or the internet to reduce the risk of remote exploitation.

Monitor the device for unusual crashes or instability that may indicate exploitation attempts.

If available, apply firmware updates or patches from the vendor that address this vulnerability.

Compliance Impact

The vulnerability in the D-Link DI-8100 router allows remote attackers with administrative credentials to execute arbitrary code, modify system settings or files, and cause denial of service. This severe impact on confidentiality, integrity, and availability could lead to unauthorized access or data breaches.

Such security failures may result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity. However, the provided information does not explicitly state the direct effects on compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7851. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart