Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint.
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow exists in the firmware version 16.07.26a1 of the D‑Link DI‑8003 router due to insufficient validation of the routes_static parameter sent to the /router.asp endpoint. An attacker who can supply a carefully crafted payload may overwrite adjacent memory and gain arbitrary code execution on the device, compromising confidentiality, integrity, and availability. The weakness aligns with the common vulnerability type CWE‑120.

Affected Systems

D‑Link DI‑8003 routers running the firmware build 16.07.26a1 are impacted. Only this specific firmware revision is known to contain the flaw; newer releases may have addressed the issue. The vulnerability is identified by the common platform enumeration strings for both the hardware and firmware.

Risk and Exploitability

The flaw carries a CVSS base score of 7.5, marking it as high severity. The EPSS score is below 1 %, indicating that exploitation is not widespread, and it is not listed in the CISA KEV catalog. Nevertheless, attackers can reach the /router.asp endpoint via local network or remote management if the web interface is exposed, so the risk remains significant. While the precise attack path is not detailed, the lack of input size checks suggests that an adversary with network access could craft a request that overflows the buffer.

Generated by OpenCVE AI on April 10, 2026 at 22:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update released by D‑Link for the DI‑8003 that addresses the buffer overflow.
  • Limit access to the router’s web interface to known IP addresses or disable remote management altogether.
  • After updating, verify the device firmware version to ensure the patch has been installed.

Generated by OpenCVE AI on April 10, 2026 at 22:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
References

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 Router

Fri, 10 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink di-8003 Firmware
CPEs cpe:2.3:h:dlink:di-8003:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:*
Vendors & Products Dlink di-8003 Firmware

Fri, 10 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 Router
First Time appeared Dlink
Dlink di-8003
Weaknesses CWE-120
Vendors & Products Dlink
Dlink di-8003

Wed, 08 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint.
References

Subscriptions

Dlink Di-8003 Di-8003 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-22T15:31:16.590Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50650

cve-icon Vulnrichment

Updated: 2026-04-10T15:37:20.725Z

cve-icon NVD

Status : Modified

Published: 2026-04-08T19:24:15.800

Modified: 2026-04-22T16:16:49.790

Link: CVE-2025-50650

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T14:25:51Z

Weaknesses