Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption
Action: Apply patch
AI Analysis

Impact

A buffer overflow flaw exists in the D‑Link DI‑8003 device running firmware 16.07.26A1, caused by improper handling of the name parameter in the /usb_paswd.asp web interface. The excess input can overwrite adjacent memory, potentially leading to corruption of device firmware or internal data structures. The description does not state a specific consequence, but a buffer overflow of this nature could be leveraged to alter execution flow, so the potential impact may include remote code execution or denial of service.

Affected Systems

All units of the D‑Link DI‑8003 running firmware revision 16.07.26A1 are affected. No other firmware versions are mentioned in the advisory.

Risk and Exploitability

No CVSS score or EPSS data is supplied, so the formal severity cannot be quantified. The flaw is reachable through the HTTP interface exposed by the device, meaning an attacker with network access to the web interface can attempt the exploit. The vulnerability is not listed in CISA’s KEV catalog, but that does not rule out potential exploitation, especially for devices exposed to the internet or an untrusted network segment.

Generated by OpenCVE AI on April 8, 2026 at 20:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available firmware update from D‑Link that addresses the buffer overflow in the /usb_paswd.asp endpoint.
  • If an update is unavailable, restrict or block HTTP access to the /usb_paswd.asp endpoint from untrusted networks or limit the web interface to trusted IP addresses.
  • Monitor device logs for anomalous requests to /usb_paswd.asp that could indicate exploitation attempts.
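One way to carry out the log-monitoring action above, as an added example that is not part of the OpenCVE record or any D-Link tooling. It assumes a reverse proxy in front of the device writes combined-format access logs; the 64-byte threshold, the function name and the sample log lines are constructed assumptions, since the record gives no buffer size or log format.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/usb_paswd.asp"   # endpoint named in the record
PARAM = "name"                # parameter named in the record
MAX_NAME_LEN = 64             # assumed threshold; the record gives no buffer size

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_requests(lines, max_len=MAX_NAME_LEN):
    """Return (client_ip, reason) for requests to ENDPOINT with an anomalous PARAM."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        url = urlsplit(m["target"])
        if url.path.lower() != ENDPOINT:
            continue
        # latin-1 maps each percent-decoded byte to one character, so len() counts bytes.
        values = parse_qs(url.query, keep_blank_values=True, encoding="latin-1").get(PARAM, [])
        for value in values:
            if len(value) > max_len:
                hits.append((m["ip"], f"{PARAM} length {len(value)} > {max_len}"))
            elif any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
                hits.append((m["ip"], f"{PARAM} contains non-printable bytes"))
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real device.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Apr/2026:20:15:00 +0000] "GET /usb_paswd.asp?name=backup HTTP/1.1" 200 512',
    '198.51.100.7 - - [08/Apr/2026:20:16:02 +0000] "GET /usb_paswd.asp?name=' + "A" * 300 + ' HTTP/1.1" 200 0',
    '198.51.100.7 - - [08/Apr/2026:20:16:09 +0000] "GET /usb_paswd.asp?name=%01%02ab HTTP/1.1" 200 0',
    '192.0.2.10 - - [08/Apr/2026:20:17:30 +0000] "GET /index.asp?name=' + "B" * 300 + ' HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, reason in suspicious_requests(SAMPLE_LOG):
        print(ip, reason)
```

Access logs normally record only the query string, so a `name` value sent in a POST body would need body logging or an inspection rule at the proxy.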



Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type | Values Removed | Values Added
Title | | Buffer Overflow in D‑Link DI‑8003 /usb_paswd.asp Endpoint
Weaknesses | | CWE-120, CWE-787

Wed, 08 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dlink; Dlink di-8003
Vendors & Products | | Dlink; Dlink di-8003

Wed, 08 Apr 2026 18:30:00 +0000

Type | Values Removed | Values Added
Description | | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-08T17:36:53.924Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50663

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-08T19:24:16.920

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-50663

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:28:25Z

Weaknesses