CVE-2026-7248
🔴 Łataj teraz
Przepełnienie bufora w D-Link DI-8100 umożliwia zdalne wykonanie kodu.
CVSS
9.8
EPSS
0.0%
Exploit
poc
Vendor
dlink
Opis źródłowy (NVD)
A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
buffer-overflow exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.0% |
| Opublikowano (NVD) | 2026-04-28 09:16:18 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-30 13:18:11 UTC |
Referencje
- https://github.com/draw-ctf/report/blob/main/DI-8100/DI-8100_tgfile_htm_overflow.md (cna@vuldb.com) [Exploit, Third Party Advisory]
- https://vuldb.com/submit/802869 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/vuln/359857 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/vuln/359857/cti (cna@vuldb.com) [Permissions Required, VDB Entry]
- https://www.dlink.com/ (cna@vuldb.com) [Product]