CVE-2026-7851

D-Link DI-8100 yyxz.asp sprintf stack-based overflow

CVSS 8.6 HIGHEPSS 4.1%CWE-119 CWE-121

Vexday Risk Score

41Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 8.6EPSS 4.1%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

05 May 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Affected products

D-Link · DI-8100

public PoCs found — 1

cve_referencegithub.com/draw-ctf/report/blob/main/DI-8100/yyxz_dlink_asp_overflow.mdunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/draw-ctf/report/blob/main/DI-8100/yyxz_dlink_asp_overflow.md https://vuldb.com/submit/807798 https://vuldb.com/vuln/361128 https://vuldb.com/vuln/361128/cti https://www.dlink.com/