Cyber Resilience

CVE-2026-7248

HighPublic PoC

Published: 28 April 2026

Published
28 April 2026
Modified
30 April 2026
KEV Added
Patch
CVSS Score v4 8.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0215 79.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-7248 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-8100 Firmware. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 20.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-7248 is a buffer overflow vulnerability in the D-Link DI-8100 router running firmware version 16.07.26A1. It affects the tgfile_htm function within the tgfile.htm file of the CGI Endpoint component, where manipulation of the 'fn' argument triggers the overflow. The issue is classified under CWE-119 and CWE-120, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

The vulnerability is remotely exploitable without authentication, privileges, or user interaction. Attackers can send crafted requests to the affected CGI endpoint, leading to high impacts on confidentiality, integrity, and availability, potentially enabling arbitrary code execution or full device compromise. A public exploit is available and could be used in attacks.

Advisories referenced in VulDB entries (e.g., https://vuldb.com/vuln/359857) and a GitHub report (https://github.com/draw-ctf/report/blob/main/DI-8100/DI-8100_tgfile_htm_overflow.md) detail the issue, while the D-Link website (https://www.dlink.com/) provides vendor context. Practitioners should review these for any firmware patches or workarounds.

The exploit has been made public, increasing the risk of real-world exploitation against exposed D-Link DI-8100 devices.

EU & UK References

Vulnerability details

A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit…

more

has been made public and could be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in unauthenticated public-facing CGI endpoint (tgfile.htm) directly enables remote code execution on the device, mapping to exploitation of a public-facing application for initial access and full compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7857Same product: Dlink Di-8100
CVE-2026-7853Same product: Dlink Di-8100
CVE-2026-7247Same product: Dlink Di-8100
CVE-2026-7854Same product: Dlink Di-8100
CVE-2026-7856Same product: Dlink Di-8100
CVE-2026-7855Same product: Dlink Di-8100
CVE-2025-7911Same product: Dlink Di-8100
CVE-2026-7851Same product: Dlink Di-8100
CVE-2025-7762Same product: Dlink Di-8100
CVE-2025-7908Same product: Dlink Di-8100

Affected Assets

dlink
di-8100 firmware
16.07.26a1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly mitigates the buffer overflow vulnerability by applying vendor firmware patches or updates to eliminate the flaw in the tgfile_htm function.

prevent

Information input validation enforces checks on the 'fn' argument to prevent buffer overflows in the CGI endpoint by rejecting malformed inputs.

prevent

Memory protection implements safeguards like address space layout randomization and non-executable stacks to block exploitation of the buffer overflow even if triggered.

References