Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr.
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

A stack-based buffer overflow exists in the /user_group.asp page of the D-Link DI-8003 router firmware 16.07.26A1. The vulnerability is caused by improper handling of the name, mem, pri, and attr parameters in an HTTP GET request. It is inferred that a successful overflow could allow an attacker to execute arbitrary code on the device, thereby compromising the router's integrity and confidentiality.

Affected Systems

The flaw affects only the D-Link DI-8003 model running firmware version 16.07.26A1. No other D-Link models or firmware releases are mentioned in the available reports. The affected component is the web-based administrative interface exposed at /user_group.asp.

Risk and Exploitability

The reported CVSS score of 7.5 indicates a high severity. The EPSS score is below 1%, and the vulnerability is not listed in the CISA KEV catalog, suggesting that public exploitation is currently unlikely. Based on the description, the likely attack vector is remote over HTTP, meaning an unauthenticated attacker with network access to the router’s web interface can craft the malicious request. The precise impact of exploitation is not explicitly stated, but a buffer overflow of this nature typically allows code execution with the privileges of the web-server process.

Generated by OpenCVE AI on April 13, 2026 at 16:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the DI-8003 firmware to a version that fixes the buffer-overflow vulnerability if a newer release is available from D-Link.
  • If no patch exists, block HTTP traffic to the /user_group.asp endpoint by configuring the router's firewall or disable remote management entirely.
  • Monitor the device's web-server logs for unusually large or malformed GET requests that contain the name, mem, pri, or attr parameters.
  • Ensure that the administrative interface is protected with a strong, unique password and is accessible only from trusted internal networks.
  • Contact D-Link support or review the vendor's security bulletin for any additional mitigation guidance.

Generated by OpenCVE AI on April 13, 2026 at 16:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
References

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Buffer overflow in D-Link DI-8003 /user_group.asp endpoint

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 /user_group.asp Allows Remote Code Execution
Weaknesses CWE-119

Fri, 10 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink di-8003 Firmware
CPEs cpe:2.3:h:dlink:di-8003:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:*
Vendors & Products Dlink di-8003 Firmware

Fri, 10 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 /user_group.asp Allows Remote Code Execution
First Time appeared Dlink
Dlink di-8003
Weaknesses CWE-119
Vendors & Products Dlink
Dlink di-8003

Wed, 08 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr.
References

Subscriptions

Dlink Di-8003 Di-8003 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-22T15:42:13.079Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50664

cve-icon Vulnrichment

Updated: 2026-04-10T17:58:24.259Z

cve-icon NVD

Status : Modified

Published: 2026-04-08T19:24:17.033

Modified: 2026-04-22T16:16:51.500

Link: CVE-2025-50664

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:40:24Z

Weaknesses