Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlan_name parameter in the /shut_set.asp endpoint.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow arises from insufficient input validation of the vlan_name field in the /shut_set.asp web interface of D‑Link DI‑8003 firmware 16.07.26A1. A malicious payload supplied in that parameter can overflow the buffer, potentially allowing an attacker to inject code or crash the device, leading to remote code execution or denial of service.

Affected Systems

The flaw affects D‑Link DI‑8003 routers running firmware version 16.07.26A1.

Risk and Exploitability

The vulnerability is publicly documented on D‑Link’s security bulletin page, yet no official patch or mitigation has been published at the time of reporting. The EPSS score is unavailable and the issue is not listed in the KEV catalog. An attacker would likely target the device over the network, sending a specially crafted vlan_name string to the /shut_set.asp endpoint while authenticated to the web interface. Successful exploitation could grant the attacker arbitrary code execution or cause a denial of service.

Generated by OpenCVE AI on April 8, 2026 at 19:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router’s firmware to the latest version released by D‑Link that addresses the buffer overflow.
  • If an update is not immediately available, restrict access to the web management interface by limiting it to trusted internal networks only.
  • Disable or block the /shut_set.asp endpoint and any VLAN configuration features that are not required for operation.
  • Monitor network traffic for unusual attempts to access the management interface and apply regular security audits.



Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
Title | | Buffer Overflow in D‑Link DI‑8003 /shut_set.asp vlan_name Parameter
First Time appeared | | Dlink; Dlink di-8003
Weaknesses | | CWE-120; CWE-20
Vendors & Products | | Dlink; Dlink di-8003

Wed, 08 Apr 2026 18:30:00 +0000

Type | Values Removed | Values Added
Description | | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlan_name parameter in the /shut_set.asp endpoint.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-08T17:26:06.049Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50649

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-08T19:24:15.687

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-50649

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T20:13:00Z

Weaknesses