QwikSec

Security Database

CVE

CWE

Training

CVE-2026-10206

Published: Jun 1, 2026

Modified: Jun 1, 2026

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.

Vendor	Product	Versions
D-Link	DI-8400	affected `16.07.26A1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

VDB-367486 | D-Link DI-8400 dbsrv.asp stack-based overflow

vdb-entry

technical-description

VDB-367486 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

CVE-2026-10206 | CVE Analysis and Report

third-party-advisory

Submit #821716 | D-Link DI-8400 <=v16.07.26A1 Buffer Overflow

third-party-advisory

https://github.com/666324/dlink-di8400-vuln/tree/main/dlink-di8400-vuln

exploit

https://www.dlink.com/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.