Cyber Resilience

CVE-2026-7853

HighPublic PoC

Published: 05 May 2026

Published
05 May 2026
Modified
06 May 2026
KEV Added
Patch
CVSS Score v4 8.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0152 71.4th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-7853 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-8100 Firmware. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-7853 is a buffer overflow vulnerability affecting the D-Link DI-8100 router on firmware version 16.07.26A1. The flaw exists in the sprintf function within the /auto_reboot.asp file of the HTTP Handler component, where manipulation of the "enable" or "time" arguments triggers the overflow.

The vulnerability enables remote exploitation without authentication, privileges, or user interaction, as indicated by its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Attackers can achieve high confidentiality, integrity, and availability impacts, potentially leading to full system compromise. A public exploit is available, increasing the risk of attacks.

Advisories and details are documented in references including a GitHub report at https://github.com/draw-ctf/report/blob/main/DI-8100/auto_reboot_asp_overflow.md, VulDB entries at https://vuldb.com/vuln/361130 and related pages, and the D-Link website at https://www.dlink.com/.

The exploit has been made publicly available and could be used for attacks, with associated CWEs CWE-119 and CWE-120.

EU & UK References

Vulnerability details

A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely.…

more

The exploit has been made available to the public and could be used for attacks.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in unauthenticated HTTP handler (/auto_reboot.asp) on public-facing router firmware directly enables remote code execution against an internet-exposed web application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7857Same product: Dlink Di-8100
CVE-2026-7248Same product: Dlink Di-8100
CVE-2026-7247Same product: Dlink Di-8100
CVE-2026-7854Same product: Dlink Di-8100
CVE-2026-7856Same product: Dlink Di-8100
CVE-2026-7855Same product: Dlink Di-8100
CVE-2025-7911Same product: Dlink Di-8100
CVE-2026-7851Same product: Dlink Di-8100
CVE-2025-7762Same product: Dlink Di-8100
CVE-2025-7908Same product: Dlink Di-8100

Affected Assets

dlink
di-8100 firmware
16.07.26a1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents buffer overflow by validating the enable/time arguments manipulated in the HTTP handler's sprintf function.

prevent

Requires timely remediation of the identified buffer overflow flaw in the D-Link DI-8100 firmware via patching or updates.

prevent

Implements memory protections like ASLR and DEP to mitigate exploitation of the buffer overflow even if input validation fails.

References