Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Buffer Overflow
Action: Patch Firmware
AI Analysis

Impact

A buffer overflow vulnerability was identified in D‑Link DI‑8003 firmware 16.07.26A1 due to unsanitized handling of the name parameter in the /thd_group.asp endpoint. The flaw allows an attacker to overflow a memory buffer, which could lead to arbitrary code execution or other disruptive behaviors. While the CVE description does not explicitly state remote code execution, buffer overflow defects of this nature typically enable such exploits.

Affected Systems

The vulnerability affects D‑Link DI‑8003 devices running firmware version 16.07.26A1. No other products or firmware versions are listed as impacted in the advisory. Devices that expose the /thd_group.asp resource to external networks are at risk.

Risk and Exploitability

The CVSS score is not publicly documented, but buffer overflow flaws are generally considered high severity. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote; an attacker must be able to send crafted HTTP requests to /thd_group.asp from outside the local network. Exfiltration or persistence would depend on successful exploitation of the overflow.

Generated by OpenCVE AI on April 8, 2026 at 20:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the DI‑8003 firmware to the latest version released by D‑Link.
  • If a firmware update is not yet available, block external access to the /thd_group.asp resource using firewall or router rules.
  • Monitor device logs for abnormal activity and apply standard network hardening practices.

Generated by OpenCVE AI on April 8, 2026 at 20:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 /thd_group.asp Endpoint
Weaknesses CWE-119

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink di-8003
Vendors & Products Dlink
Dlink di-8003

Wed, 08 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint.
References

Subscriptions

Dlink Di-8003
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-08T17:30:06.429Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50655

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T19:24:16.257

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-50655

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:28:29Z

Weaknesses