| Title | D-Link DI-8100 16.07.26A1 Denial of Service |
|---|
| Description | A critical stack-based buffer overflow vulnerability exists in the file_exten.asp CGI script of the DI-8100 router firmware. The vulnerability is triggered when processing the name parameter with an overly long string during file extension configuration operations (opt=add or opt=mod). An authenticated attacker can exploit this flaw to execute arbitrary code on the underlying system, potentially leading to complete device compromise, denial of service, or lateral movement within the network. |
|---|
| Source | ⚠️ https://github.com/draw-ctf/report/blob/main/DI-8100/file_exten_asp_overflow.md |
|---|
| User | draw (UID 64399) |
|---|
| Submission | 04/11/2026 17:00 (17 days ago) |
|---|
| Moderation | 04/27/2026 19:44 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 359856 [D-Link DI-8100 16.07.26A1 File Extension file_exten.asp file_exten_asp Name buffer overflow] |
|---|
| Points | 20 |
|---|