← back
CVE-2026-7851

D-Link DI-8100 yyxz.asp sprintf stack-based overflow

CVSS 8.6 HIGHEPSS 4.1%CWE-119CWE-121
A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Affected products
D-Link · DI-8100
public PoCs found1
cve_referencegithub.com/draw-ctf/report/blob/main/DI-8100/yyxz_dlink_asp_overflow.mdunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/draw-ctf/report/blob/main/DI-8100/yyxz_dlink_asp_overflow.mdhttps://vuldb.com/submit/807798https://vuldb.com/vuln/361128https://vuldb.com/vuln/361128/ctihttps://www.dlink.com/