Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint.
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via Buffer Overflow
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow vulnerability exists in the /tggl.asp endpoint of the D‑Link DI‑8003 router due to inadequate input validation. Malicious data sent to this endpoint can overwrite memory and potentially allow an attacker to execute arbitrary code on the device. Such an attack would compromise confidentiality, integrity, and availability of the network equipment and could be leveraged to pivot to other systems within the local network.

Affected Systems

The affected product is the D‑Link DI‑8003 router running firmware version 16.07.26A1. No other vendors or product variations are listed as impacted within the available data.

Risk and Exploitability

The CVSS score is not provided, but buffer overflow vulnerabilities are generally considered high‑severity. There is no EPSS score and the vulnerability is not listed in the CISA KEV catalog, indicating that widespread exploitation has not been documented. The likely attack vector is over the network through a crafted HTTP request to /tggl.asp, but the exact exploitation details are not supplied.

Generated by OpenCVE AI on April 8, 2026 at 20:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check D‑Link’s website for a firmware update that addresses this issue and apply the newest stable firmware to the DI‑8003.
  • If an update is unavailable or cannot be applied immediately, restrict external access to the router’s web management interface, preferably via a firewall or by disabling the /tggl.asp endpoint if possible.
  • Continuously monitor network traffic for abnormal HTTP requests to /tggl.asp and review system logs for signs of exploitation attempts.



Advisories

No advisories yet.

History

Fri, 10 Apr 2026 21:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Dlink; Dlink di-8003; Dlink di-8003 Firmware |
| CPEs | | cpe:2.3:h:dlink:di-8003:-:*:*:*:*:*:*:*; cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:* |
| Vendors & Products | | Dlink; Dlink di-8003; Dlink di-8003 Firmware |

Fri, 10 Apr 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 09 Apr 2026 08:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | D-link; D-link di-8003 |
| Vendors & Products | | D-link; D-link di-8003 |

Wed, 08 Apr 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Buffer Overflow in D-Link DI‑8003 /tggl.asp Endpoint |
| Weaknesses | | CWE-120 |

Wed, 08 Apr 2026 18:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-10T15:41:55.597Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50648

Vulnrichment

Updated: 2026-04-10T15:37:22.583Z

NVD

Status: Analyzed

Published: 2026-04-08T19:24:15.570

Modified: 2026-04-10T21:06:45.857

Link: CVE-2025-50648

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:22:40Z
