Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, user_id, log, and time.
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow vulnerability exists in the D‑Link DI‑8003 firmware version 16.07.26A1, caused by improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can trigger the overflow by sending a crafted HTTP GET request containing malicious data in the name, en, user_id, log, and time parameters. The overflow could allow an unauthenticated attacker to execute arbitrary code on the device, compromising confidentiality, integrity, and availability. This weakness is a classic stack buffer overflow, identified as CWE‑120.

Affected Systems

Affected devices are D‑Link DI‑8003 routers running firmware version 16.07.26A1. No other affected versions are documented, but prior firmware releases that include the same /web_post.asp code may also be vulnerable.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, while the EPSS score of less than 1% suggests a low likelihood of current exploitation. The vulnerability is not listed in the CISA KEV catalog. An attacker likely needs network access to the device’s web interface and can exploit the flaw via HTTP GET requests to /web_post.asp, potentially leading to remote code execution or denial‑of‑service. The remote nature of the attack poses a significant threat to exposed devices.

Generated by OpenCVE AI on April 13, 2026 at 15:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from D‑Link that fixes the /web_post.asp overflow issue.
  • If a firmware upgrade is not immediately available, restrict external access to the web interface using firewall rules or VPN‑only access.
  • Disable or remove the web management interface if it is not required for operation.
  • Monitor for suspicious HTTP traffic targeting /web_post.asp and block anomalous requests.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 16:00:00 +0000


Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 web_post.asp Allows Remote Exploitation

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D-Link DI-8003 /web_post.asp Endpoint
Weaknesses CWE-119
CWE-20

Fri, 10 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink di-8003
Dlink di-8003 Firmware
CPEs cpe:2.3:h:dlink:di-8003:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink di-8003
Dlink di-8003 Firmware

Fri, 10 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link di-8003
Vendors & Products D-link
D-link di-8003

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D-Link DI-8003 /web_post.asp Endpoint
Weaknesses CWE-119
CWE-20

Wed, 08 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, user_id, log, and time.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-22T15:44:10.840Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50666

Vulnrichment

Updated: 2026-04-10T15:37:15.995Z

NVD

Status: Modified

Published: 2026-04-08T19:24:17.250

Modified: 2026-04-22T16:16:51.810

Link: CVE-2025-50666

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:40:43Z

Weaknesses