Impact
The D-Link DI-8003 router firmware 16.07.26A1 contains a buffer overflow vulnerability in the /saveparm_usb.asp endpoint, where the id parameter is not validated. An attacker can submit an oversized value that overflows a stack buffer and potentially inject malicious code. This flaw, classified as a stack-based buffer overflow (CWE-120), could allow remote code execution if the attacker can reach the router's web interface.
Affected Systems
The only vendor and product explicitly listed in the CVE data is the D-Link DI-8003 series router running firmware 16.07.26A1. No additional D-Link models or firmware revisions are identified as affected, and the issue is tied specifically to the /saveparm_usb.asp page of the router’s web administration interface.
Risk and Exploitability
The CVSS score of 7.5 indicates a high-severity vulnerability that could compromise the confidentiality, integrity, and availability of the device. The EPSS score of less than 1% suggests that exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog, meaning no widespread exploitation has been reported. The likely attack vector is an HTTP request to /saveparm_usb.asp; this is an inference from the description of the vulnerable endpoint and from the common practice of exposing router management interfaces on local or exposed networks.
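For defenders who log traffic to the management interface, the following added example (not part of the CVE record or any D-Link code) flags requests to /saveparm_usb.asp whose id value is unusually long. It assumes combined-log-format lines from a proxy or sensor in front of the router and an arbitrary 64-character threshold, and it only sees values carried in the query string, not in a request body.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/saveparm_usb.asp"  # endpoint named in the advisory
PARAM = "id"                    # parameter named in the advisory
MAX_ID_LEN = 64                 # assumed threshold; tune to legitimate traffic

# Source address, then the quoted request field: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def oversized_id_requests(lines, max_len=MAX_ID_LEN):
    """Return (source, decoded_length) for each ENDPOINT request whose id exceeds max_len."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m.group("target"))
        if url.path.lower() != ENDPOINT:
            continue
        # parse_qs percent-decodes values and keeps every repeated parameter
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        longest = max((len(v) for v in values), default=0)
        if longest > max_len:
            hits.append((m.group("src"), longest))
    return hits

# Constructed sample log lines (documentation addresses, made-up timestamps)
_TS = "- - [01/Jan/2025:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 {_TS} "GET /saveparm_usb.asp?id=3 HTTP/1.1" 200 120',
    f'192.0.2.10 {_TS} "GET /index.asp?id={"B" * 300} HTTP/1.1" 200 120',
    f'198.51.100.7 {_TS} "GET /saveparm_usb.asp?id={"A" * 500} HTTP/1.1" 200 0',
    f'198.51.100.7 {_TS} "GET /saveparm_usb.asp?id=1&id={"%41" * 200} HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for src, length in oversized_id_requests(SAMPLE_LOG):
        print(f"{src}: id length {length} exceeds {MAX_ID_LEN}")
```

Lengths are measured after percent-decoding, so an encoded value is judged by the size the handler would receive rather than by its size on the wire.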