Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint.
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Buffer overflow in router web interface
Action: Update firmware
AI Analysis

Impact

A buffer overflow vulnerability exists in D‑Link DI‑8003 firmware 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint. The flaw allows an attacker to send malformed data that can write beyond the intended memory boundary, potentially leading to unpredictable program behavior. No specific exploitation outcome is described in the advisory.

Affected Systems

This vulnerability affects D‑Link DI‑8003 routers running firmware 16.07.26A1. The affected systems are the router devices with that specific firmware version; no other firmware revisions or hardware models are mentioned.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity rating. The EPSS score is less than 1%, suggesting low likelihood of widespread exploitation at present. The vulnerability is not listed in the CISA KEV catalog, implying no known active exploitation. Likely attack vector is an attacker who can reach the router’s web interface, for example from the local network or from an externally exposed management port; this is inferred from the endpoint description. Overall risk is moderate to high, contingent on the presence of the vulnerable router and its exposure to potential attackers.

Generated by OpenCVE AI on April 13, 2026 at 16:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply official firmware update to a version newer than 16.07.26A1, if available from D‑Link.
  • If no firmware update exists, restrict access to the router’s web interface to trusted networks only.
  • Monitor web‑interface logs for spam or abnormal POST requests to /qos_type_asp.asp and consider additional access controls.

Generated by OpenCVE AI on April 13, 2026 at 16:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
References

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 /qos_type_asp.asp Endpoint

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D-Link DI-8003 QoS Endpoint
Weaknesses CWE-119

Fri, 10 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink di-8003 Firmware
CPEs cpe:2.3:h:dlink:di-8003:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:*
Vendors & Products Dlink di-8003 Firmware

Fri, 10 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D-Link DI-8003 QoS Endpoint
First Time appeared Dlink
Dlink di-8003
Weaknesses CWE-119
Vendors & Products Dlink
Dlink di-8003

Wed, 08 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint.
References

Subscriptions

Dlink Di-8003 Di-8003 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-22T15:26:44.287Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50646

cve-icon Vulnrichment

Updated: 2026-04-10T13:14:00.884Z

cve-icon NVD

Status : Modified

Published: 2026-04-08T19:24:15.347

Modified: 2026-04-22T16:16:49.140

Link: CVE-2025-50646

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:40:37Z

Weaknesses