Description
A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Published: 2026-05-05
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic buffer overflow in the /url_member.asp component of the web management interface of the D‑Link DI‑8100 router. Manipulation of the Name input parameter allows an attacker to exceed the allocated buffer, potentially overwriting executable memory and enabling arbitrary code execution. The flaw is triggered remotely, meaning an unauthenticated user can upload a crafted payload via the web interface without requiring prior credentials.

Affected Systems

Affected systems are D‑Link DI‑8100 routers that are running firmware version 16.07.26A1. The vulnerability description references an unknown part of /url_member.asp, implying that this exact firmware build is vulnerable. Administrators should verify that their devices match this revision or are newer.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity vulnerability, and the existence of a published exploit shows that exploitation can be performed remotely without special prerequisites. The EPSS score is not available, but the public availability of an exploit and the remote, unauthenticated attack vector increase the likelihood of real‑world attacks. The vulnerability is not currently listed in the CISA KEV catalog, yet its severity warrants prompt action.

Generated by OpenCVE AI on May 5, 2026 at 20:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the DI‑8100 firmware to the latest version released by D‑Link that contains the buffer‑overflow fix.
  • Restrict access to the web management interface to trusted IP addresses or subnets, and enforce HTTPS with strong authentication where possible.
  • Deploy network perimeter controls or segmentation to block unauthenticated HTTP traffic to the router's management ports.

Generated by OpenCVE AI on May 5, 2026 at 20:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link di-8100
Vendors & Products D-link
D-link di-8100

Tue, 05 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 05 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Title D-Link DI-8100 Web Management url_member.asp buffer overflow
Weaknesses CWE-119
CWE-120
References
Metrics cvssV2_0

{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

D-link Di-8100
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-05T19:30:58.408Z

Reserved: 2026-05-05T11:41:27.815Z

Link: CVE-2026-7856

cve-icon Vulnrichment

Updated: 2026-05-05T19:30:54.320Z

cve-icon NVD

Status : Received

Published: 2026-05-05T20:16:41.500

Modified: 2026-05-05T20:16:41.500

Link: CVE-2026-7856

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T20:30:31Z

Weaknesses