A buffer overflow vulnerability exists in the /qos_type_asp.asp endpoint of the D-Link DI-8003 router. The flaw arises from insufficient validation of the name parameter, which can cause memory corruption when an overly long value is submitted. If exploited, this could allow an attacker to execute arbitrary code, crash the device, or otherwise destabilize its operation.

The affected system is the D-Link DI-8003 router running firmware version 16.07.26A1. No other vendors, products, or versions are listed as impacted.

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating limited publicly identified exploitation. The risk remains significant because a remote attacker could send a crafted HTTP request to the vulnerable endpoint from any network that can reach the router's management interface. No official patch or workaround has been released, so the vulnerability presents a high likelihood of potentially critical impact if the router is exposed to untrusted networks.