Description
A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed remotely. The exploit is now public and may be used.
Published: 2026-06-01
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow occurs in the sprintf routine reached through the /httpd_debug.asp API endpoint of the D-Link DI-7001 MINI device. A crafted Time argument that exceeds the expected buffer size corrupts the stack and allows an attacker to redirect execution flow, leading to arbitrary code execution on the device.

Affected Systems

The vulnerability affects all D-Link DI-7001 MINI units running firmware versions up to and including 19.09.19A1. No other firmware revisions are known to be impacted by this issue.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. The EPSS score is currently unavailable, but the exploit is public and the attack can be performed remotely by interacting with the /httpd_debug.asp endpoint. The device lacks authentication safeguards on this API, making it feasible for an unauthenticated attacker to trigger the flaw. The vulnerability is not currently listed in the CISA KEV catalog.

Generated by OpenCVE AI on June 1, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to a version newer than 19.09.19A1 that patches the /httpd_debug.asp buffer overflow.
  • If an upgrade cannot be applied, restrict external access to the /httpd_debug.asp endpoint using a firewall or device configuration changes to block the API or limit service to trusted networks.
  • Monitor network traffic for unusual requests to /httpd_debug.asp and log any anomalous activity for further investigation.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 01 Jun 2026 17:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. |
| Title | | D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow |
| First Time appeared | | D-link; D-link di-7001 Mini |
| Weaknesses | | CWE-119; CWE-121 |
| CPEs | | cpe:2.3:h:d-link:di-7001_mini:*:*:*:*:*:*:*:* |
| Vendors & Products | | D-link; D-link di-7001 Mini |
| References | | |
| Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}; cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T19:46:56.015Z

Reserved: 2026-05-31T14:13:05.202Z

Link: CVE-2026-10270

Vulnrichment

Updated: 2026-06-01T19:46:52.363Z

NVD

Status: Awaiting Analysis

Published: 2026-06-01T17:16:43.280

Modified: 2026-06-01T17:57:23.310

Link: CVE-2026-10270

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T20:30:16Z
