Description
A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
Published: 2026-05-05
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic stack buffer overflow caused by an improperly handled Name parameter in the tggl_asp function of the /tggl.asp HTTP request handler on the DI‑8100. If successfully exploited, an attacker can overwrite control data and execute arbitrary code, leading to full device compromise. The flaw is classified under CWE‑119 and CWE‑120.

Affected Systems

The affected product is the D‑Link DI‑8100 router running firmware 16.07.26A1. No other versions or vendors are listed, and only the DI‑8100 model is mentioned in the CNA data.

Risk and Exploitability

The CVSS score of 8.7 indicates a high‑severity vulnerability with remote exploitation potential. Exploits are publicly available, and the attack vector is inferred to be remote via HTTP since the flaw is triggered through an HTTP request to /tggl.asp. The EPSS score is not provided, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, but the availability of a public exploit raises the practical risk significantly.

Generated by OpenCVE AI on May 5, 2026 at 20:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from D‑Link that addresses the tggl.asp buffer overflow on the DI‑8100 router.
  • Place the router behind a firewall or equivalent perimeter device and restrict remote access to the web administration interface, using local‑only or VPN‑only access when possible.
  • Continuously monitor network traffic for repeated attempts to contact the /tggl.asp endpoint and block malicious sources via the firewall or router’s access‑control mechanisms.

Generated by OpenCVE AI on May 5, 2026 at 20:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link di-8100
Vendors & Products D-link
D-link di-8100

Tue, 05 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 05 May 2026 19:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
Title D-Link DI-8100 HTTP Request tggl.asp tggl_asp buffer overflow
Weaknesses CWE-119
CWE-120
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

D-link Di-8100
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-05T19:58:51.054Z

Reserved: 2026-05-05T11:39:27.355Z

Link: CVE-2026-7855

cve-icon Vulnrichment

Updated: 2026-05-05T19:58:44.903Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-05T19:16:23.710

Modified: 2026-05-05T19:30:02.603

Link: CVE-2026-7855

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T21:00:09Z

Weaknesses