CVE-2026-10270

D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow

CVSS 8.7 HIGHEPSS 0.7%CWE-119 CWE-121

A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Affected products

D-Link · DI-7001 MINI

public PoCs found — 1

cve_referencegithub.com/666324/dlink-DI-7001MINI-8G-vuln/tree/main/dlink-DI-7001MINI-8G-vulnunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/666324/dlink-DI-7001MINI-8G-vuln https://github.com/666324/dlink-DI-7001MINI-8G-vuln/tree/main/dlink-DI-7001MINI-8G-vuln https://vuldb.com/cve/CVE-2026-10270 https://vuldb.com/submit/825198 https://vuldb.com/vuln/367549 https://vuldb.com/vuln/367549/cti https://www.dlink.com/