Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

A buffer overflow occurs when the router processes the pid parameter in the /trace.asp web request. The improper validation can allow an attacker to overwrite memory on the device and potentially execute arbitrary code, compromising confidentiality, integrity, and availability of the network.

Affected Systems

D‑Link DI‑8003 router running firmware 16.07.26A1 is identified as affected. No other versions or manufacturers are listed in the report.

Risk and Exploitability

The vulnerability has no publicly disclosed exploit data and is not listed in the CISA KEV catalog. EPSS data is unavailable, so the relative likelihood is unknown. The attack is inferred to be possible via the publicly accessible HTTP endpoint; an attacker would need to send a crafted request that sets the pid parameter of /trace.asp, which may be reachable from the LAN or the internet if the router is exposed. Because buffer overflows often lead to remote code execution, the potential impact is severe.

Generated by OpenCVE AI on April 8, 2026 at 19:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from D‑Link for the DI‑8003 router that addresses the buffer overflow bug.
  • If an official update is not yet released, contact D‑Link support for guidance and request a temporary patch or workaround.
  • Temporarily block or restrict external access to the /trace.asp endpoint on the router’s web interface via firewall rules or router configuration.
  • Continuously monitor router logs for unusual trace.asp activity or unexpected payloads.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
Title | | Buffer Overflow in D‑Link DI‑8003 trace.asp Endpoint
First Time appeared | | Dlink; Dlink di-8003
Weaknesses | | CWE-120; CWE-787
Vendors & Products | | Dlink; Dlink di-8003

Wed, 08 Apr 2026 18:30:00 +0000

Type | Values Removed | Values Added
Description | | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-08T17:30:54.090Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50657

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-08T19:24:16.363

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-50657

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T20:12:54Z

Weaknesses