Description
A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-05-05
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists within the sprintf call in the /auto_reboot.asp handler of the D‑Link DI‑8100 router. By sending crafted enable/time parameters, an attacker can overwrite adjacent memory, which can lead to arbitrary code execution under the privileges of the router’s HTTP service. The description notes that this can be done remotely and that public exploit code is available.

Affected Systems

The issue affects D‑Link DI‑8100 routers with firmware 16.07.26A1 only; no other versions or models are mentioned. The vendor product is specifically the DI‑8100 router.

Risk and Exploitability

The CVSS score of 9.3 classifies the flaw as critical. EPSS is not reported, but the public availability of exploit code and remote HTTP attack vector raise the real‑world risk. The vulnerability is not yet in the CISA KEV list; however, its severity and openness make it an attractive target for attackers.

Generated by OpenCVE AI on May 5, 2026 at 20:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the DI‑8100 firmware to a version that removes the buffer overflow in the /auto_reboot.asp handler.
  • If an updated firmware is not immediately available, disable the auto‑reboot feature or block access to the /auto_reboot.asp endpoint by configuring the router’s firewall or ACL.
  • Restrict access to the router’s web interface to trusted network segments or specific IP addresses, and monitor traffic and logs for suspicious activity.

Generated by OpenCVE AI on May 5, 2026 at 20:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link di-8100
Vendors & Products D-link
D-link di-8100

Tue, 05 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 05 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Title D-Link DI-8100 HTTP auto_reboot.asp sprintf buffer overflow
Weaknesses CWE-119
CWE-120
References
Metrics cvssV2_0

{'score': 10, 'vector': 'AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

D-link Di-8100
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-05T18:46:18.528Z

Reserved: 2026-05-05T11:39:20.340Z

Link: CVE-2026-7853

cve-icon Vulnrichment

Updated: 2026-05-05T18:46:13.734Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-05T18:16:04.123

Modified: 2026-05-05T19:07:14.690

Link: CVE-2026-7853

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T20:30:31Z

Weaknesses