Impact
A buffer overflow occurs when the device processes the "wans" parameter in the qos.asp web interface. The vulnerability can corrupt the program’s execution flow, allowing an attacker to inject and execute arbitrary code on the router. The weakness is a classic memory corruption flaw, and successful exploitation would give an attacker full control over the affected device, compromising confidentiality, integrity, and availability.
Affected Systems
Only the D‑Link DI‑8003 model running firmware version 16.07.26A1 is explicitly mentioned. No other firmware or model versions are listed in the advisory. Users with this exact build are affected.
Risk and Exploitability
No CVSS score is provided in the data, so the exact severity cannot be quantified, but a classic buffer overflow is generally high risk. No EPSS score is available, so the likelihood of exploitation is uncertain, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the web interface, where a crafted HTTP request to qos.asp could trigger the overflow; this vector is inferred from the description rather than stated in it.
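A defensive check for the inferred vector, added here as an example and not taken from the advisory or from D-Link: it inspects a raw HTTP request, as a reverse proxy or WAF in front of the management interface would see it, and flags oversized "wans" values sent to qos.asp. The 64-byte limit, the function names and the sample requests are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: the advisory gives no buffer size, so this limit is a policy value
# chosen by the site for a legitimate "wans" field, not a firmware property.
MAX_WANS_BYTES = 64

def wans_values(raw_request: bytes):
    """Yield each decoded 'wans' value sent to qos.asp (query string and form body)."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(request_line) < 2:
        return  # not a parseable request line
    url = urlsplit(request_line[1])
    if not url.path.lower().endswith("/qos.asp"):
        return  # only the page named in the advisory is in scope
    for source in (url.query, body.decode("latin-1")):
        # latin-1 maps each byte to one character, so lengths below are byte counts
        for key, value in parse_qsl(source, keep_blank_values=True, encoding="latin-1"):
            if key == "wans":
                yield value.encode("latin-1")

def flag_request(raw_request: bytes) -> bool:
    """True when any 'wans' value exceeds the limit after percent-decoding."""
    return any(len(v) > MAX_WANS_BYTES for v in wans_values(raw_request))

# Constructed sample requests (not captured traffic); /other.asp is a made-up path.
FORM = b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
SAMPLES = {
    "normal": b"GET /qos.asp?wans=1 HTTP/1.1\r\nHost: router\r\n\r\n",
    "long_body": b"POST /qos.asp HTTP/1.1\r\nHost: router\r\n" + FORM + b"wans=" + b"%41" * 200,
    "encoded_short": b"POST /qos.asp HTTP/1.1\r\nHost: router\r\n" + FORM + b"wans=" + b"%41" * 30,
    "other_page": b"GET /other.asp?wans=" + b"A" * 200 + b" HTTP/1.1\r\nHost: router\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "FLAG" if flag_request(raw) else "ok")
```

Length is measured after percent-decoding, so a value that is long only in its encoded form is not flagged, while one that decodes to an oversized field is.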