{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-7851/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-7851"}],"_cs_exploited":false,"_cs_products":["DI-8100 firmware 16.07.26A1"],"_cs_severities":["high"],"_cs_tags":["buffer-overflow","d-link","router","cve-2026-7851"],"_cs_type":"advisory","_cs_vendors":["D-Link"],"content_html":"\u003cp\u003eA stack-based buffer overflow vulnerability has been identified in D-Link DI-8100 routers running firmware version 16.07.26A1. The vulnerability resides within the \u003ccode\u003esprintf\u003c/code\u003e function of the \u003ccode\u003eyyxz.asp\u003c/code\u003e file. Successful exploitation allows remote attackers to execute arbitrary code. Publicly available exploit code exists, increasing the risk of widespread exploitation targeting these devices. Given the potential for complete system compromise, this poses a significant risk to affected D-Link router users.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker sends a malicious HTTP request to the vulnerable D-Link DI-8100 device.\u003c/li\u003e\n\u003cli\u003eThe request targets the \u003ccode\u003eyyxz.asp\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eID\u003c/code\u003e argument in the request is manipulated to contain an overly long string.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003esprintf\u003c/code\u003e function in \u003ccode\u003eyyxz.asp\u003c/code\u003e is called with the attacker-controlled \u003ccode\u003eID\u003c/code\u003e as input.\u003c/li\u003e\n\u003cli\u003eDue to the lack of proper bounds checking, the overly long \u003ccode\u003eID\u003c/code\u003e overflows the stack buffer.\u003c/li\u003e\n\u003cli\u003eThe attacker overwrites adjacent memory on the stack, including the return address.\u003c/li\u003e\n\u003cli\u003eUpon function return, control is transferred to the attacker-controlled address.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary code on the device.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on the affected D-Link DI-8100 router. This could lead to complete compromise of the device, allowing attackers to intercept network traffic, modify router settings, or use the device as a bot in a botnet. Given that this device is typically deployed on the network perimeter, a successful attack could compromise the internal network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or firmware updates from D-Link to remediate the \u003ccode\u003esprintf\u003c/code\u003e stack-based buffer overflow vulnerability (CVE-2026-7851).\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the \u003ccode\u003eyyxz.asp\u003c/code\u003e file with unusually long \u003ccode\u003eID\u003c/code\u003e parameters, indicative of potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided to detect exploitation attempts in network traffic.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-05T18:16:03Z","date_published":"2026-05-05T18:16:03Z","id":"/briefs/2026-05-dlink-sprintf-overflow/","summary":"A stack-based buffer overflow vulnerability exists in D-Link DI-8100 with firmware version 16.07.26A1, affecting the sprintf function in the yyxz.asp file; manipulation of the ID argument can lead to remote exploitation.","title":"D-Link DI-8100 Stack-Based Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-dlink-sprintf-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-7851","version":"https://jsonfeed.org/version/1.1"}