Cyber Resilience

CVE-2026-7856

HighPublic PoC

Published: 05 May 2026

Published
05 May 2026
Modified
06 May 2026
KEV Added
Patch
CVSS Score v4 7.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0025 49.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7856 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-8100 Firmware. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 49.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-7856 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting the D-Link DI-8100 router on firmware version 16.07.26A1. The issue lies in an unknown part of the /url_member.asp file within the Web Management Interface, where manipulation of the "Name" argument triggers the overflow. Published on 2026-05-05, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables remote exploitation by attackers who possess high privileges, such as administrative access to the Web Management Interface. No user interaction is required, and low attack complexity allows a privileged remote attacker to achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution or system crashes via the buffer overflow.

Advisories referenced in VulDB entries and a GitHub report detail the flaw and include a published exploit that may be used. The D-Link website is also listed as a reference source. No specific patches or mitigations are mentioned in the available details, so practitioners should monitor vendor channels for firmware updates and restrict administrative access to the Web Management Interface.

The exploit's public availability on GitHub heightens the risk for unpatched D-Link DI-8100 devices.

EU & UK References

Vulnerability details

A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be…

more

launched remotely. The exploit has been published and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Buffer overflow RCE in authenticated web management interface directly enables T1190 (exploiting the exposed router web app) and T1059.004 (arbitrary command execution on embedded Linux via Unix shell).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7857Same product: Dlink Di-8100
CVE-2026-7853Same product: Dlink Di-8100
CVE-2026-7854Same product: Dlink Di-8100
CVE-2026-7248Same product: Dlink Di-8100
CVE-2026-7247Same product: Dlink Di-8100
CVE-2026-7855Same product: Dlink Di-8100
CVE-2026-7851Same product: Dlink Di-8100
CVE-2025-7762Same product: Dlink Di-8100
CVE-2025-7911Same product: Dlink Di-8100
CVE-2025-7908Same product: Dlink Di-8100

Affected Assets

dlink
di-8100 firmware
16.07.26a1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces validation of the Name argument in /url_member.asp to block the buffer overflow before it occurs.

prevent

Limits the number of accounts holding the high privileges required to reach and exploit the web-management flaw.

prevent

Requires timely application of vendor firmware patches that eliminate the published buffer-overflow vulnerability.

References