CVE-2026-7247
Published: 28 April 2026
Summary
CVE-2026-7247 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-8100 Firmware. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents buffer overflows by enforcing strict validation and bounds checking on the manipulated Name argument in the file_exten.asp handler.
Implements memory protection mechanisms like ASLR, DEP, and stack canaries to mitigate exploitation of the buffer overflow for arbitrary code execution.
Requires timely flaw remediation through firmware patching to eliminate the specific buffer overflow vulnerability in D-Link DI-8100 version 16.07.26A1.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in network-accessible web application component (file_exten.asp) enables remote exploitation for arbitrary code execution on public-facing device.
NVD Description
A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the file file_exten.asp of the component File Extension Handler. The manipulation of the argument Name leads to buffer overflow. Remote exploitation of…
more
the attack is possible. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2026-7247 is a buffer overflow vulnerability in D-Link DI-8100 firmware version 16.07.26A1. The flaw affects the file_exten_asp function in the file_exten.asp file of the File Extension Handler component, where manipulation of the Name argument triggers the overflow. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).
The vulnerability carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), meaning it is network-accessible with low attack complexity but requires high privileges. An attacker with sufficient privileges can remotely exploit it without user interaction, potentially achieving high impacts on confidentiality, integrity, and availability, such as arbitrary code execution or system compromise.
Advisories and details are available in referenced sources, including a GitHub report at https://github.com/draw-ctf/report/blob/main/DI-8100/file_exten_asp_overflow.md and VulDB entries at https://vuldb.com/vuln/359856 and https://vuldb.com/submit/802868. The D-Link website at https://www.dlink.com/ may offer relevant firmware updates or guidance. The exploit has been publicly disclosed and may be used.
Details
- CWE(s)