CVE 9.3 CRITICAL

D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow_CVE-2026-7854

May 5, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

AI Analysis

Buffer overflow vulnerability in the POST Parameter Handler of D-Link DI-8100 via the url_rule_asp function, allowing remote exploitation

Basic Information

ID CVE-2026-7854

Source VulDB

Published May 5, 2026 at 18:15

Affected Product

Vendor D-Link

Product DI-8100

Version 16.07.26A1

Affected Versions D-Link DI-8100 16.07.26A1

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor D-Link

Product DI-8100

Version 16.07.26A1

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2026-05-05T18:15:14.438Z",
    "modified": "2026-05-05T18:15:14.438Z",
    "type": "cve",
    "title": "D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/361131\nhttps://vuldb.com/vuln/361131/cti\nhttps://vuldb.com/submit/807838\nhttps://github.com/draw-ctf/report/blob/main/DI-8100/url_rule_asp_overflow.md\nhttps://www.dlink.com/",
    "id": "CVE-2026-7854",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "D-Link DI-8100 16.07.26A1",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DI-8100",
    "version": "16.07.26A1",
    "vendor": "D-Link",
    "ai_description": "Buffer overflow vulnerability in the POST Parameter Handler of D-Link DI-8100 via the url_rule_asp function, allowing remote exploitation",
    "ai_severity": "Critical",
    "ai_vendor": "D-Link",
    "ai_product": "DI-8100",
    "ai_version": "16.07.26A1",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply