CVE-2026-7853
Published: 05 May 2026
Summary
CVE-2026-7853 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-8100 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents buffer overflow by validating the enable/time arguments manipulated in the HTTP handler's sprintf function.
Requires timely remediation of the identified buffer overflow flaw in the D-Link DI-8100 firmware via patching or updates.
Implements memory protections like ASLR and DEP to mitigate exploitation of the buffer overflow even if input validation fails.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in unauthenticated HTTP handler (/auto_reboot.asp) on public-facing router firmware directly enables remote code execution against an internet-exposed web application.
NVD Description
A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely.…
more
The exploit has been made available to the public and could be used for attacks.
Deeper analysisAI
CVE-2026-7853 is a buffer overflow vulnerability affecting the D-Link DI-8100 router on firmware version 16.07.26A1. The flaw exists in the sprintf function within the /auto_reboot.asp file of the HTTP Handler component, where manipulation of the "enable" or "time" arguments triggers the overflow.
The vulnerability enables remote exploitation without authentication, privileges, or user interaction, as indicated by its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Attackers can achieve high confidentiality, integrity, and availability impacts, potentially leading to full system compromise. A public exploit is available, increasing the risk of attacks.
Advisories and details are documented in references including a GitHub report at https://github.com/draw-ctf/report/blob/main/DI-8100/auto_reboot_asp_overflow.md, VulDB entries at https://vuldb.com/vuln/361130 and related pages, and the D-Link website at https://www.dlink.com/.
The exploit has been made publicly available and could be used for attacks, with associated CWEs CWE-119 and CWE-120.
Details
- CWE(s)