Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint.
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Potential Remote Code Execution due to buffer overflow
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow occurs in the D-Link DI-8003 model firmware 16.07.26A1 because the id parameter on the /thd_member.asp endpoint is not validated. This flaw could allow an attacker who can send HTTP requests to the device to overflow a buffer, potentially executing arbitrary code and compromising the device’s confidentiality, integrity, and availability.

Affected Systems

The affected device is the D-Link DI‑8003 router running firmware version 16.07.26A1. No other vendors or products are listed in the CNA data.

Risk and Exploitability

EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, through a crafted HTTP request to the exposed management interface. Exploitation would require network access to the device, and success would give the attacker high impact.

Generated by OpenCVE AI on April 8, 2026 at 19:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check D-Link’s support site for a firmware update that addresses the /thd_member.asp buffer overflow and apply it promptly.
  • If a patch is not available, restrict external access to the router’s management interface or disable the /thd_member.asp functionality via firewall rules.
  • Monitor network traffic for suspicious requests targeting the /thd_member.asp endpoint and consider isolating the router from unsecured networks.

Generated by OpenCVE AI on April 8, 2026 at 19:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink di-8003
Dlink di-8003 Firmware
CPEs cpe:2.3:h:dlink:di-8003:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink di-8003
Dlink di-8003 Firmware

Fri, 10 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link di-8003
Vendors & Products D-link
D-link di-8003

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D-Link DI-8003 /thd_member.asp Endpoint
Weaknesses CWE-121

Wed, 08 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint.
References

Subscriptions

D-link Di-8003
Dlink Di-8003 Di-8003 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-10T15:41:20.354Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50654

cve-icon Vulnrichment

Updated: 2026-04-10T15:37:17.944Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T19:24:16.147

Modified: 2026-04-10T21:05:06.343

Link: CVE-2025-50654

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:22:39Z

Weaknesses