Cyber Resilience

CVE-2026-7289

HighPublic PoC

Published: 28 April 2026

Published
28 April 2026
Modified
30 April 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0069 48.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-7289 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Dir-825M Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-7289 is a buffer overflow vulnerability affecting the D-Link DIR-825M router running firmware version 1.1.12. The issue resides in the function sub_414BA8 within the file /boafrm/formWanConfigSetup, where manipulation of the submit-url argument triggers the overflow. Classified under CWE-119 and CWE-120, it received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-04-28.

An attacker with network access and low privileges, such as an authenticated user, can remotely exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact outcomes, including unauthorized access to confidential data, modification of system integrity, and disruption of availability, potentially leading to full compromise of the affected device.

Mitigation details are available through referenced advisories, including VulDB entries at https://vuldb.com/vuln/359947 and https://vuldb.com/submit/803025, a GitHub issue at https://github.com/Kiciot/cve/issues/3, and the D-Link website at https://www.dlink.com/. The exploit has been made public, increasing the risk of active exploitation.

EU & UK References

Vulnerability details

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public…

more

and could be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in the router's web form (formWanConfigSetup) directly enables remote exploitation of a network-accessible/public-facing application, leading to RCE and full device compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7288Same product: Dlink Dir-825M
CVE-2025-13304Same product: Dlink Dir-825M
CVE-2026-5980Same vendor: Dlink
CVE-2026-7857Same vendor: Dlink
CVE-2025-13550Same vendor: Dlink
CVE-2026-5979Same vendor: Dlink
CVE-2025-15189Same vendor: Dlink
CVE-2025-13552Same vendor: Dlink
CVE-2026-5982Same vendor: Dlink
CVE-2025-11408Same vendor: Dlink

Affected Assets

dlink
dir-825m firmware
1.1.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the buffer overflow vulnerability in sub_414BA8 by applying vendor firmware patches or updates.

prevent

Validates the submit-url argument in formWanConfigSetup to block malformed inputs that trigger the buffer overflow.

prevent

Provides memory protections like non-executable stacks or address space layout randomization to prevent exploitation of the buffer overflow.

References