Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint.
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a classic buffer overflow caused by improper handling of the name parameter in the /usb_paswd.asp endpoint of the D-Link DI-8003. This flaw can overwrite the stack and allow an attacker to inject and execute arbitrary code, giving control over the device. The impact is loss of confidentiality, integrity, and availability, potentially leading to full system compromise.

Affected Systems

Affected device is the D-Link DI-8003 with firmware version 16.07.26A1. The flaw exists in the HTTP interface that processes the /usb_paswd.asp request. No other firmware versions or product lines are listed.

Risk and Exploitability

The CVSS score of 7.5 categorizes the flaw as high severity. The EPSS score below 1% suggests the probability of exploitation is currently low, and the vulnerability is not yet reported in the CISA KEV catalog. Attacks would likely originate from an attacker who can reach the device’s web interface, delivering a crafted request that triggers the overflow. The lack of a public exploit and low EPSS score reduce immediate threat, but the potential for remote code execution makes it a priority for patching.

Generated by OpenCVE AI on April 13, 2026 at 15:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the DI-8003 firmware to a version newer than 16.07.26A1

Generated by OpenCVE AI on April 13, 2026 at 15:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
References

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 USB Password Endpoint

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 /usb_paswd.asp Endpoint
Weaknesses CWE-120
CWE-787

Fri, 10 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink di-8003 Firmware
CPEs cpe:2.3:h:dlink:di-8003:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:*
Vendors & Products Dlink di-8003 Firmware

Fri, 10 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 /usb_paswd.asp Endpoint
Weaknesses CWE-120
CWE-787

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink di-8003
Vendors & Products Dlink
Dlink di-8003

Wed, 08 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint.
References

Subscriptions

Dlink Di-8003 Di-8003 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-22T15:40:58.895Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50663

cve-icon Vulnrichment

Updated: 2026-04-10T17:57:11.277Z

cve-icon NVD

Status : Modified

Published: 2026-04-08T19:24:16.920

Modified: 2026-04-22T16:16:51.350

Link: CVE-2025-50663

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:40:25Z

Weaknesses