Description
A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. Manipulation of the argument ID leads to a stack-based buffer overflow. The attack can be carried out remotely. The exploit is publicly available and might be used.
Published: 2026-05-05
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow triggered by the sprintf function in the yyxz.asp page of D-Link DI-8100 routers. By manipulating the ID argument, an attacker can overflow the stack and overwrite control data. This type of flaw can lead to arbitrary code execution, allowing the attacker to run malicious commands on the device. Successful exploitation can compromise the confidentiality, integrity, and availability of the router and the network it protects.

Affected Systems

D‑Link DI‑8100 routers running firmware version 16.07.26A1. No other vendors or product lines are listed as affected.

Risk and Exploitability

The CVSS v4.0 score of 8.6 classifies this issue as High severity, and no EPSS data is available. Because the exploit is publicly documented and the attack can be carried out remotely, the risk to devices with exposed administration interfaces is significant. The issue is not listed in the CISA KEV catalog, but the existence of a public exploit means the vulnerability is likely being actively scanned for by attackers. Such buffer overflow vulnerabilities often do not require authentication and can be reached from any IP that can access the router's web interface. Note, however, that the CVSS vectors recorded for this CVE specify PR:H (Au:M in CVSS v2), meaning the scoring assumes an attacker who already holds high privileges on the device.

Generated by OpenCVE AI on May 5, 2026 at 19:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest firmware release from the D‑Link support site; firmware updates typically include the fix for the yyxz.asp overflow.
  • If a firmware update is not yet available, block remote access to the yyxz.asp endpoint or the router’s web administration console using a firewall or ACL to prevent unauthenticated attackers from reaching the vulnerable code.
  • Enforce strict input validation at the router’s firmware level; ensure that any string handling routines guard against buffer overflow by checking input lengths before copying or formatting data.

Advisories

No advisories yet.

History

Tue, 05 May 2026 19:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | D-link; D-link di-8100
Vendors & Products | | D-link; D-link di-8100

Tue, 05 May 2026 18:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
Title | | D-Link DI-8100 yyxz.asp sprintf stack-based overflow
Weaknesses | | CWE-119; CWE-121
References | |
Metrics | | cvssV2_0: {'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-05T17:30:13.938Z

Reserved: 2026-05-05T11:17:33.955Z

Link: CVE-2026-7851

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-05T18:16:03.947

Modified: 2026-05-05T19:07:14.690

Link: CVE-2026-7851

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T19:30:30Z

Weaknesses