CVE-2026-7856

High

Published: 05 May 2026

Published

05 May 2026

Modified

06 May 2026

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0006 17.1th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be…

launched remotely. The exploit has been published and may be used.

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications

addresses: CWE-119 CWE-120

Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation.

SA-11 Developer Testing and Evaluation

addresses: CWE-119

Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release.

SI-16 Memory Protection

addresses: CWE-119

Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.

SI-4 System Monitoring

addresses: CWE-119

Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior.

Security SummaryAI

CVE-2026-7856 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting the D-Link DI-8100 router on firmware version 16.07.26A1. The issue lies in an unknown part of the /url_member.asp file within the Web Management Interface, where manipulation of the "Name" argument triggers the overflow. Published on 2026-05-05, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables remote exploitation by attackers who possess high privileges, such as administrative access to the Web Management Interface. No user interaction is required, and low attack complexity allows a privileged remote attacker to achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution or system crashes via the buffer overflow.

Advisories referenced in VulDB entries and a GitHub report detail the flaw and include a published exploit that may be used. The D-Link website is also listed as a reference source. No specific patches or mitigations are mentioned in the available details, so practitioners should monitor vendor channels for firmware updates and restrict administrative access to the Web Management Interface.

The exploit's public availability on GitHub heightens the risk for unpatched D-Link DI-8100 devices.

Details

CWE(s): CWE-119 CWE-120

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

Buffer overflow RCE in authenticated web management interface directly enables T1190 (exploiting the exposed router web app) and T1059.004 (arbitrary command execution on embedded Linux via Unix shell).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://github.com/draw-ctf/report/blob/main/DI-8100/url_member_asp_overflow.md
cna@vuldb.com
https://vuldb.com/submit/807849
cna@vuldb.com
https://vuldb.com/vuln/361133
cna@vuldb.com
https://vuldb.com/vuln/361133/cti
cna@vuldb.com
https://www.dlink.com/
cna@vuldb.com