Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint.
Published: 2026-04-08
Score: n/a
EPSS: n/a
KEV: No
Impact: Potential remote code execution
Action: Patch ASAP
AI Analysis

Impact

A buffer overflow arises from the way the custom_error parameter is processed in the /user.asp endpoint of the device, allowing an attacker to corrupt memory on the router. The overflow can lead to arbitrary code execution or a crash of the web services. The description does not detail the full scope, but the severity is implied by the nature of a buffer overflow. The likely attack vector is through the publicly reachable web interface, which is inferred from the presence of the /user.asp endpoint.

Affected Systems

The vulnerability affects D‑Link DI‑8003 devices with firmware 16.07.26A1. No other affected product or version information is available. The impact applies to any device running that specific firmware build.

Risk and Exploitability

No CVSS score or EPSS value is supplied, so the precise severity is uncertain; however, a buffer overflow is typically considered high risk. The absence of a KEV listing suggests it has not been widely exploited yet, but the potential for remote exploitation remains. Exploitation would likely require network access to the device's management web interface and would grant the attacker control over the device or cause a denial of service.

Generated by OpenCVE AI on April 8, 2026 at 19:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to a version that addresses this issue if one is available from D‑Link.
  • If a new firmware is not available, restrict access to the device’s web interface by placing it behind a firewall and allowing only trusted IP addresses.
  • Consider disabling the custom_error parameter or the /user.asp endpoint through the router’s configuration if possible.
  • Back up the device’s configuration before applying changes or updates.



Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
Title | | Buffer Overflow in Custom Error Parameter Handling of D-Link DI-8003 /user.asp Endpoint
Weaknesses | | CWE-120

Wed, 08 Apr 2026 18:30:00 +0000

Type | Values Removed | Values Added
Description | | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint.
References | |


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-08T17:33:21.270Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50659


NVD

Status: Awaiting Analysis

Published: 2026-04-08T19:24:16.470

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-50659


OpenCVE Enrichment

Updated: 2026-04-08T20:02:17Z
