Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

A buffer overflow flaw in the D‑Link DI‑8003 router occurs when the routes_static parameter in the /router.asp endpoint receives input that exceeds the allocated buffer. The inadequate validation allows an attacker to inject oversized data, potentially overwriting adjacent memory and enabling the execution of arbitrary code. Exploitation could lead to total device compromise, allowing the attacker to alter configuration, intercept traffic, or use the device as part of a larger attack.

Affected Systems

This issue affects the D‑Link DI‑8003 router running firmware 16.07.26A1. No other product variants or firmware versions are listed as affected in the available information.

Risk and Exploitability

The public CVSS score is not provided, and EPSS data is unavailable. The vulnerability is not listed in CISA’s KEV catalog, suggesting no widely known exploitation yet. However, because the flaw is a classic buffer overflow that can be triggered via an HTTP request to /router.asp, it is likely exploitable by an external attacker with network access to the router’s administrative interface. Until a vendor patch is released, the risk remains significant for any device remaining at the vulnerable firmware level.

Generated by OpenCVE AI on April 8, 2026 at 19:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the D‑Link DI‑8003 firmware to a version that resolves the buffer overflow flaw.
  • If a patch is not immediately available, restrict access to the /router.asp endpoint, for example by implementing firewall rules or disabling remote management.
  • Disable unused management interfaces and services on the router.
  • Verify that all firmware updates received from D‑Link undergo signature or checksum verification before installation.

Generated by OpenCVE AI on April 8, 2026 at 19:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 Router
First Time appeared Dlink
Dlink di-8003
Weaknesses CWE-120
Vendors & Products Dlink
Dlink di-8003

Wed, 08 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint.
References

Subscriptions

Dlink Di-8003
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-08T17:27:07.550Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50650

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T19:24:15.800

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-50650

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T20:12:58Z

Weaknesses