CVE 8.7 HIGH

D-Link DI-8400 dbsrv.asp stack-based overflow_CVE-2026-10206

May 31, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.

AI Analysis

Stack-based buffer overflow vulnerability in D-Link DI-8400 up to 16.07.26A1, allowing remote exploitation via manipulation of the argument str in the /dbsrv.asp file.

Basic Information

ID CVE-2026-10206

Source VulDB

Published Jun 1, 2026 at 00:15

Affected Product

Vendor D-Link

Product DI-8400

Version 16.07.26A1

Affected Versions D-Link DI-8400 16.07.26A1

CWE Classification

CWE-121 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor D-Link

Product DI-8400

Version 16.07.26A1

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.",
    "published": "2026-06-01T00:15:08.710Z",
    "modified": "2026-06-01T00:15:08.710Z",
    "type": "cve",
    "title": "D-Link DI-8400 dbsrv.asp stack-based overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367486\nhttps://vuldb.com/vuln/367486/cti\nhttps://vuldb.com/cve/CVE-2026-10206\nhttps://vuldb.com/submit/821716\nhttps://github.com/666324/dlink-di8400-vuln/tree/main/dlink-di8400-vuln\nhttps://www.dlink.com/",
    "id": "CVE-2026-10206",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "D-Link DI-8400 16.07.26A1",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DI-8400",
    "version": "16.07.26A1",
    "vendor": "D-Link",
    "ai_description": "Stack-based buffer overflow vulnerability in D-Link DI-8400 up to 16.07.26A1, allowing remote exploitation via manipulation of the argument str in the /dbsrv.asp file.",
    "ai_severity": "High",
    "ai_vendor": "D-Link",
    "ai_product": "DI-8400",
    "ai_version": "16.07.26A1",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply