Description
A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow condition.
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

A buffer overflow vulnerability exists in the D‑Link DI‑8003 router firmware. An attacker can send a specially crafted request to the pppoe_list_opt.asp endpoint with an excessively large s parameter value, which overflows a buffer and may allow arbitrary code to run on the device. The result could be loss of confidentiality, integrity, and availability of the router and any network services attached to it.

Affected Systems

The affected device is the D‑Link DI‑8003 router running firmware version 16.07.26A1. No other versions have been identified as vulnerable in the available data.

Risk and Exploitability

The CVSS score is not publicly listed, and the vulnerability is not included in CISA’s KEV catalog, making exact risk assessment difficult. The buffer overflow occurs through a network‑exposed HTTP endpoint, so the likely attack vector is remote over the LAN or WAN. Because buffer overflows are a well‑known high‑risk flaw, the potential for exploitation should be treated as significant until a fix is applied.

Generated by OpenCVE AI on April 8, 2026 at 20:27 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Check the manufacturer’s website or contact support to determine whether a firmware update that addresses the buffer overflow is available and apply it promptly.
  • If no update has been released, consider blocking or disabling access to the pppoe_list_opt.asp endpoint via firewall rules to limit external reach.
  • Implement network segmentation and strict access controls to reduce the exposure of the router’s administrative interfaces.
  • Monitor the router for anomalous traffic or signs of a buffer overflow exploit, such as unexpected reboots or service crashes.



Advisories

No advisories yet.

History

Fri, 10 Apr 2026 21:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dlink di-8003 Firmware
CPEs | | cpe:2.3:h:dlink:di-8003:-:*:*:*:*:*:*:*, cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:*
Vendors & Products | | Dlink di-8003 Firmware

Fri, 10 Apr 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 08:30:00 +0000

Type | Values Removed | Values Added
Title | | Buffer Overflow in D‑Link DI‑8003 pppoe_list_opt.asp Endpoint
Weaknesses | | CWE-119, CWE-120

Wed, 08 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dlink, Dlink di-8003
Vendors & Products | | Dlink, Dlink di-8003

Wed, 08 Apr 2026 18:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow condition.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-10T15:42:17.059Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50645

Vulnrichment

Updated: 2026-04-10T13:12:43.194Z

NVD

Status: Analyzed

Published: 2026-04-08T19:24:15.227

Modified: 2026-04-10T21:10:16.713

Link: CVE-2025-50645

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:28:32Z
