Cyber Posture

CVE-2026-7289

HighPublic PoC

Published: 28 April 2026

Published
28 April 2026
Modified
30 April 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 9.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7289 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-825M Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 9.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the buffer overflow vulnerability in sub_414BA8 by applying vendor firmware patches or updates.

SI-10 Information Input Validation good match
prevent

Validates the submit-url argument in formWanConfigSetup to block malformed inputs that trigger the buffer overflow.

SI-16 Memory Protection good match
prevent

Provides memory protections like non-executable stacks or address space layout randomization to prevent exploitation of the buffer overflow.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Buffer overflow in the router's web form (formWanConfigSetup) directly enables remote exploitation of a network-accessible/public-facing application, leading to RCE and full device compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public…

more

and could be used.

Deeper analysisAI

CVE-2026-7289 is a buffer overflow vulnerability affecting the D-Link DIR-825M router running firmware version 1.1.12. The issue resides in the function sub_414BA8 within the file /boafrm/formWanConfigSetup, where manipulation of the submit-url argument triggers the overflow. Classified under CWE-119 and CWE-120, it received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-04-28.

An attacker with network access and low privileges, such as an authenticated user, can remotely exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact outcomes, including unauthorized access to confidential data, modification of system integrity, and disruption of availability, potentially leading to full compromise of the affected device.

Mitigation details are available through referenced advisories, including VulDB entries at https://vuldb.com/vuln/359947 and https://vuldb.com/submit/803025, a GitHub issue at https://github.com/Kiciot/cve/issues/3, and the D-Link website at https://www.dlink.com/. The exploit has been made public, increasing the risk of active exploitation.

Details

CWE(s)
CWE-119CWE-120

Affected Products

dlink
dir-825m firmware
1.1.12

CVEs Like This One

CVE-2026-7288Same product: Dlink Dir-825M
CVE-2025-13304Same product: Dlink Dir-825M
CVE-2026-5981Same vendor: Dlink
CVE-2026-7247Same vendor: Dlink
CVE-2026-6012Same vendor: Dlink
CVE-2025-13552Same vendor: Dlink
CVE-2026-7854Same vendor: Dlink
CVE-2025-10034Same vendor: Dlink
CVE-2026-6014Same vendor: Dlink
CVE-2026-7248Same vendor: Dlink

References