Cyber Posture

CVE-2026-7853

Critical

Published: 05 May 2026

Published
05 May 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0006 18.6th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely.…

more

The exploit has been made available to the public and could be used for attacks.

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications
addresses: CWE-119 CWE-120

Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation.

SA-11 Developer Testing and Evaluation
addresses: CWE-119

Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release.

SI-16 Memory Protection
addresses: CWE-119

Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.

SI-4 System Monitoring
addresses: CWE-119

Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior.

Security SummaryAI

CVE-2026-7853 is a buffer overflow vulnerability affecting the D-Link DI-8100 router on firmware version 16.07.26A1. The flaw exists in the sprintf function within the /auto_reboot.asp file of the HTTP Handler component, where manipulation of the "enable" or "time" arguments triggers the overflow.

The vulnerability enables remote exploitation without authentication, privileges, or user interaction, as indicated by its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Attackers can achieve high confidentiality, integrity, and availability impacts, potentially leading to full system compromise. A public exploit is available, increasing the risk of attacks.

Advisories and details are documented in references including a GitHub report at https://github.com/draw-ctf/report/blob/main/DI-8100/auto_reboot_asp_overflow.md, VulDB entries at https://vuldb.com/vuln/361130 and related pages, and the D-Link website at https://www.dlink.com/.

The exploit has been made publicly available and could be used for attacks, with associated CWEs CWE-119 and CWE-120.

Details

CWE(s)
CWE-119CWE-120

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Buffer overflow in unauthenticated HTTP handler (/auto_reboot.asp) on public-facing router firmware directly enables remote code execution against an internet-exposed web application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References