Skip to content
CVSS 7.2 · HIGH

CVE-2026-7857

A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

View on NVD

Analysis

This vulnerability is a remote buffer overflow affecting the CGI handler in specific D-Link DI-8100 router firmware. As it is limited to vendor-specific hardware firmware and does not impact general software development tools or server infrastructure, it does not warrant community attention.

Severity

Score: 7.2(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: HIGH
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-119CWE-120

EPSS

Probability of exploitation (next 30 days): 0.0006 (0.1%)
Percentile: 17.1%
EPSS: 2026-05-06

Affects

dlink:di-8100_firmwaredlink:di-8100

Technical description

A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Published: 5/5/2026, 8:16:41 PM
Last modified: 5/6/2026, 5:28:10 PM

References

HomeEventsBlogResourcesTeam