Critical severity9.8NVD Advisory· Published May 5, 2026· Updated May 6, 2026

CVE-2026-7854

Description

A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Affected products

Draw Ctf/Reportreferences
Dlink/Di 8100 Firmware
cpe:2.3:o:dlink:di-8100_firmware:16.07.26a1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/draw-ctf/report/blob/main/DI-8100/url_rule_asp_overflow.mdnvdExploitThird Party Advisory
vuldb.com/submit/807838nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/361131nvdThird Party Advisory
vuldb.com/vuln/361131/ctinvdPermissions RequiredVDB Entry
www.dlink.comnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000