CVE-2026-7855
Published: 05 May 2026
Summary
CVE-2026-7855 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-8100 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 1.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely identification, reporting, and patching of the buffer overflow flaw in the tggl_asp function of the D-Link DI-8100 firmware.
SI-10 mandates validation of HTTP request inputs such as the 'Name' argument to block buffer overflows in the /tggl.asp handler.
SI-16 provides memory protections like address space layout randomization and stack guards to hinder exploitation of the buffer overflow vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing HTTP handler (/tggl.asp) on network device allows remote authenticated RCE with low privileges and high C/I/A impact, directly mapping to exploitation of public-facing apps (T1190) and privilege escalation via vuln (T1068).
NVD Description
A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can…
more
be initiated remotely. The exploit is now public and may be used.
Deeper analysisAI
CVE-2026-7855 is a buffer overflow vulnerability affecting the D-Link DI-8100 router running firmware version 16.07.26A1. The issue resides in the tggl_asp function within the /tggl.asp file of the HTTP Request Handler component. It is triggered by manipulating the "Name" argument in an HTTP request, leading to a buffer overflow classified under CWE-119 and CWE-120. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-05-05.
Attackers with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system compromise on the affected device.
References include a GitHub report detailing the overflow in /tggl.asp, VulDB entries (including submission and CTI data), and the D-Link website. The exploit is publicly available and may be used, but no specific patch or mitigation details are outlined in the provided information.
The public availability of the exploit increases the risk for unpatched D-Link DI-8100 devices exposed to the internet.
Details
- CWE(s)