Description
A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.
Published: 2026-06-01
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow exists in the /dbsrv.asp file of the D-Link DI‑8400 router firmware versions up to 16.07.26A1. By manipulating the str argument, an attacker can trigger the overflow, allowing remote code execution. The flaw corresponds to CWE-119 and CWE-121 and is publicly exploitable.

Affected Systems

The affected system is the D-Link DI‑8400 router. All firmware releases up to and including version 16.07.26A1 are vulnerable. No other vendors or product lines are mentioned as impacted.

Risk and Exploitability

The vulnerability has a CVSS score of 8.7, indicating high severity. EPSS data is unavailable, and the flaw is not listed in CISA’s KEV catalog. The attack vector is remote, likely via an unauthenticated HTTP request to dbsrv.asp, enabling attackers to execute arbitrary code on the device.

Generated by OpenCVE AI on June 1, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from D-Link that fixes the dbsrv.asp stack overflow.
  • Restrict external access to the router’s web interface, limiting it to trusted network segments or a VPN.
  • Monitor router logs for unusual accesses to dbsrv.asp and investigate any suspicious activity.



Advisories

No advisories yet.

History

Mon, 01 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.
Title D-Link DI-8400 dbsrv.asp stack-based overflow
First Time appeared D-link
D-link di-8400
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:h:d-link:di-8400:*:*:*:*:*:*:*:*
Vendors & Products D-link
D-link di-8400
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T12:07:02.416Z

Reserved: 2026-05-31T06:40:45.989Z

Link: CVE-2026-10206

Vulnrichment

Updated: 2026-06-01T12:06:58.386Z

NVD

Status: Deferred

Published: 2026-06-01T01:16:47.620

Modified: 2026-06-01T15:15:37.293

Link: CVE-2026-10206

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T01:30:16Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-121

    Stack-based Buffer Overflow