CVE-2026-7248
Published: 28 April 2026
Summary
CVE-2026-7248 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-8100 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 8.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation directly mitigates the buffer overflow vulnerability by applying vendor firmware patches or updates to eliminate the flaw in the tgfile_htm function.
Information input validation enforces checks on the 'fn' argument to prevent buffer overflows in the CGI endpoint by rejecting malformed inputs.
Memory protection implements safeguards like address space layout randomization and non-executable stacks to block exploitation of the buffer overflow even if triggered.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in unauthenticated public-facing CGI endpoint (tgfile.htm) directly enables remote code execution on the device, mapping to exploitation of a public-facing application for initial access and full compromise.
NVD Description
A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit…
more
has been made public and could be used.
Deeper analysisAI
CVE-2026-7248 is a buffer overflow vulnerability in the D-Link DI-8100 router running firmware version 16.07.26A1. It affects the tgfile_htm function within the tgfile.htm file of the CGI Endpoint component, where manipulation of the 'fn' argument triggers the overflow. The issue is classified under CWE-119 and CWE-120, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The vulnerability is remotely exploitable without authentication, privileges, or user interaction. Attackers can send crafted requests to the affected CGI endpoint, leading to high impacts on confidentiality, integrity, and availability, potentially enabling arbitrary code execution or full device compromise. A public exploit is available and could be used in attacks.
Advisories referenced in VulDB entries (e.g., https://vuldb.com/vuln/359857) and a GitHub report (https://github.com/draw-ctf/report/blob/main/DI-8100/DI-8100_tgfile_htm_overflow.md) detail the issue, while the D-Link website (https://www.dlink.com/) provides vendor context. Practitioners should review these for any firmware patches or workarounds.
The exploit has been made public, increasing the risk of real-world exploitation against exposed D-Link DI-8100 devices.
Details
- CWE(s)