D-Link DI-8100 Critical Buffer Overflow (CVE-2026-7853) Publicly Exploitable
A critical buffer overflow vulnerability, identified as CVE-2026-7853, has been discovered in the D-Link DI-8100 router, specifically within version 16.07.26A1. The National Vulnerability Database (NVD) reports that the flaw resides in the sprintf function within the /auto_reboot.asp file’s HTTP Handler component. Manipulating the enable/time argument can trigger this overflow.
This vulnerability carries a CVSS v3.1 score of 9.8, categorizing it as CRITICAL. Attackers can exploit this remotely without authentication (AV:N/AC:L/PR:N/UI:N), leading to high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The National Vulnerability Database confirms that public exploit code is available, significantly increasing the immediate risk of attacks.
For defenders, this is a clear and present danger. An unauthenticated, remote buffer overflow with public exploit code means any D-Link DI-8100 16.07.26A1 device exposed to the internet is a prime target. Attackers can leverage this to gain full control, pivot into internal networks, or disrupt operations. The attacker’s calculus here is simple: low effort, high reward. They don’t need to bypass complex authentication or social engineer users.
What This Means For You
- If your organization uses D-Link DI-8100 16.07.26A1 routers, immediately identify all instances and either patch them if an update is available or remove them from internet exposure. Prioritize this vulnerability as a top-tier incident response item given the critical severity and public exploit availability.
🛡️ Detection Rules
1 detection rule auto-generated for this incident, mapped to MITRE ATT&CK.
```yaml
title: CVE-2026-7853 - D-Link DI-8100 HTTP Handler Buffer Overflow
id: scw-2026-05-05-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit the CVE-2026-7853 vulnerability in D-Link DI-8100 devices. The exploit targets the '/auto_reboot.asp' endpoint and manipulates the 'enable' and 'time' parameters to trigger a buffer overflow. This rule specifically looks for these parameters within the URI query of a GET request to the vulnerable path.
author: SCW Feed Engine (AI-generated)
date: 2026-05-05
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7853/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/auto_reboot.asp'
    cs-uri-query|contains:
      - 'enable='
      - 'time='
    cs-method:
      - 'GET'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
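The rule's matching logic applied to access-log lines, as an added example that is not part of the original post or the rule author's tooling: fields in the selection are ANDed, list values are ORed, and each hit is annotated with the longest `enable`/`time` value so routine admin requests can be told apart from oversized ones. The log layout, the sample lines and the 32-character threshold are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl

# Assumed triage threshold (not from the advisory): a reboot schedule value
# such as "1" or "03:00" is a few characters, so far longer values stand out.
MAX_EXPECTED_VALUE_LEN = 32

# Constructed sample lines: timestamp c-ip cs-method cs-uri cs-uri-query sc-status
SAMPLE_LOG = [
    "2026-05-06T10:00:01Z 198.51.100.10 GET /auto_reboot.asp enable=1&time=03:00 200",
    "2026-05-06T10:02:17Z 203.0.113.7 GET /auto_reboot.asp enable=1&time=" + "A" * 600 + " 200",
    "2026-05-06T10:03:40Z 203.0.113.7 GET /index.asp time=now 200",
    "2026-05-06T10:04:05Z 203.0.113.9 POST /auto_reboot.asp enable=1 200",
    "2026-05-06T10:05:12Z 203.0.113.7 get /AUTO_REBOOT.ASP ENABLE=" + "B" * 40 + " 200",
]


def sigma_match(method, uri, query):
    """Mirror the rule: fields are ANDed, list values ORed, case-insensitive."""
    uri, query = uri.lower(), query.lower()
    return (
        "/auto_reboot.asp" in uri
        and ("enable=" in query or "time=" in query)
        and method.upper() == "GET"
    )


def triage(lines):
    """Return (client_ip, longest decoded enable/time length, verdict) per rule hit."""
    hits = []
    for line in lines:
        _ts, ip, method, uri, query, _status = line.split(" ")
        if not sigma_match(method, uri, query):
            continue
        lengths = [
            len(value)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if name.lower() in ("enable", "time")
        ]
        longest = max(lengths, default=0)
        verdict = "oversized" if longest > MAX_EXPECTED_VALUE_LEN else "plausible-admin"
        hits.append((ip, longest, verdict))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```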
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7853 | Buffer Overflow | D-Link DI-8100 version 16.07.26A1 |
| CVE-2026-7853 | Buffer Overflow | Vulnerable function: sprintf in /auto_reboot.asp |
| CVE-2026-7853 | Buffer Overflow | Vulnerable component: HTTP Handler |
| CVE-2026-7853 | Buffer Overflow | Manipulation of argument: enable/time |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 05, 2026 at 21:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.