Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint.
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow exists in the DI‑8003 router’s /url_group.asp endpoint due to improper handling of the name parameter. A crafted request to this handler can corrupt the device’s memory, potentially allowing an attacker to inject and execute arbitrary code. The result is a compromise of data confidentiality, integrity, and device availability.

Affected Systems

D‑Link DI‑8003 routers running firmware 16.07.26A1. No other products or firmware versions are identified as vulnerable.

Risk and Exploitability

Although no CVSS score or EPSS figure is provided, the nature of the defect— a buffer overflow that can lead to remote code execution—implies very high severity. The flaw is reachable through the web administration interface, meaning local or remote attackers with network access to the router could exploit it. D‑Link has issued a security bulletin, suggesting that a firmware update exists to remediate the issue.

Generated by OpenCVE AI on April 8, 2026 at 19:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update for the D‑Link DI‑8003 router released by the vendor.
  • If no update is available, disable or block access to the /url_group.asp endpoint, or restrict the web interface to trusted IP addresses.
  • Monitor the web interface logs for anomalous access attempts to /url_group.asp.
  • Consider network segmentation to isolate the router from critical internal systems.

Generated by OpenCVE AI on April 8, 2026 at 19:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink di-8003
Dlink di-8003 Firmware
CPEs cpe:2.3:h:dlink:di-8003:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink di-8003
Dlink di-8003 Firmware

Fri, 10 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link di-8003
Vendors & Products D-link
D-link di-8003

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 Web Interface Allows Remote Code Execution
Weaknesses CWE-120

Wed, 08 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint.
References

Subscriptions

D-link Di-8003
Dlink Di-8003 Di-8003 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-10T17:52:49.377Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50662

cve-icon Vulnrichment

Updated: 2026-04-10T17:52:42.411Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T19:24:16.807

Modified: 2026-04-10T21:12:06.563

Link: CVE-2025-50662

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:22:35Z

Weaknesses