CVE 9.3 CRITICAL

D-Link DI-8100 CGI Endpoint tgfile.htm tgfile_htm buffer overflow_CVE-2026-7248

April 28, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

AI Analysis

Buffer overflow vulnerability in the CGI Endpoint of D-Link DI-8100 via the tgfile_htm function

Basic Information

ID CVE-2026-7248

Source VulDB

Published Apr 28, 2026 at 08:45

Affected Product

Vendor D-Link

Product DI-8100

Version 16.07.26A1

Affected Versions D-Link DI-8100 16.07.26A1

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor D-Link

Product DI-8100

Version 16.07.26A1

References

{
    "lastseen": "",
    "description": "A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.",
    "published": "2026-04-28T08:45:12.356Z",
    "modified": "2026-04-28T08:45:12.356Z",
    "type": "cve",
    "title": "D-Link DI-8100 CGI Endpoint tgfile.htm tgfile_htm buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359857\nhttps://vuldb.com/vuln/359857/cti\nhttps://vuldb.com/submit/802869\nhttps://github.com/draw-ctf/report/blob/main/DI-8100/DI-8100_tgfile_htm_overflow.md\nhttps://www.dlink.com/",
    "id": "CVE-2026-7248",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "D-Link DI-8100 16.07.26A1",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DI-8100",
    "version": "16.07.26A1",
    "vendor": "D-Link",
    "ai_description": "Buffer overflow vulnerability in the CGI Endpoint of D-Link DI-8100 via the tgfile_htm function",
    "ai_severity": "Critical",
    "ai_vendor": "D-Link",
    "ai_product": "DI-8100",
    "ai_version": "16.07.26A1",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply