Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters such as name, en, user_id, log, and time.
Published: 2026-04-08
Score: n/a
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow exists in the DI-8003 model’s /web_post.asp endpoint due to improper handling of parameters such as name, en, user_id, log, and time sent via a crafted HTTP GET request. The flaw allows an attacker to overflow a memory buffer and potentially execute arbitrary code on the device, resulting in total loss of confidentiality, integrity, and availability.

Affected Systems

The affected system is a D‑Link DI‑8003 router running firmware version 16.07.26A1. No other products or versions are reported in the CVE data. The vulnerability is specific to that firmware release.

Risk and Exploitability

The CVSS score is not provided, but buffer overflow vulnerabilities are typically high severity and often result in remote code execution. EPSS data is unavailable, the vulnerability is not listed in the CISA KEV catalog, and no documented exploit is known. The attack vector is inferred to be remote via an HTTP GET request to /web_post.asp, meaning that an attacker only needs network access to the device’s web interface to potentially exploit the flaw.

Generated by OpenCVE AI on April 8, 2026 at 19:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to a version where the vulnerability is fixed (consult D‑Link’s security advisories).
  • If a patch is not yet available, restrict external access to the device’s web interface (e.g., firewall rules, VPN).
  • Monitor traffic for anomalous requests to /web_post.asp and other endpoints.
  • Apply general security hygiene: keep firmware up to date and disable unused services.
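
One way to implement the monitoring action above, as an added example that is not part of the OpenCVE record or any D-Link tooling: it scans access-log lines for GET requests to /web_post.asp whose name, en, user_id, log, or time values are oversized or contain non-printable bytes. The log format (a common/combined access log from a proxy or tap in front of the router), the 64-byte threshold, and the sample lines are assumptions; the page does not state a buffer size.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/web_post.asp"                           # endpoint named in the CVE description
WATCHED = {"name", "en", "user_id", "log", "time"}   # parameters named in the CVE description
MAX_LEN = 64  # assumed threshold; no buffer size is published, tune to your own baseline

# Assumed log shape: source address first, then the quoted request line.
REQ = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def inspect_line(line):
    """Return (src, param, decoded_length, reason) findings for one log line."""
    m = REQ.match(line)
    if not m or m["method"] != "GET":
        return []
    url = urlsplit(m["target"])
    if url.path.lower() != ENDPOINT:
        return []
    findings = []
    # latin-1 maps each percent-decoded byte to one character, so len() counts bytes.
    for key, value in parse_qsl(url.query, keep_blank_values=True, encoding="latin-1"):
        if key not in WATCHED:
            continue
        if len(value) > MAX_LEN:
            findings.append((m["src"], key, len(value), "oversized"))
        elif any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
            findings.append((m["src"], key, len(value), "non-printable"))
    return findings

def scan(lines):
    """Collect findings across an iterable of log lines."""
    return [f for line in lines for f in inspect_line(line)]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [08/Apr/2026:19:00:01 +0000] "GET /web_post.asp?name=lan1&en=1&time=30 HTTP/1.1" 200 12',
    '198.51.100.7 - - [08/Apr/2026:19:00:05 +0000] "GET /web_post.asp?name=' + "A" * 300 + '&en=1 HTTP/1.1" 200 0',
    '198.51.100.7 - - [08/Apr/2026:19:00:09 +0000] "GET /web_post.asp?user_id=%ff%fe%01&log=1 HTTP/1.1" 200 0',
    '192.0.2.10 - - [08/Apr/2026:19:00:12 +0000] "GET /index.asp?name=' + "B" * 300 + ' HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for src, param, length, reason in scan(SAMPLE):
        print(f"ALERT {src} {ENDPOINT} param={param} len={length} reason={reason}")
```

Findings are heuristics for triage, not proof of exploitation; compare them against the parameter lengths your own management traffic normally produces.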

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
Title | | Buffer Overflow in D-Link DI-8003 /web_post.asp Endpoint
Weaknesses | | CWE-119, CWE-20

Wed, 08 Apr 2026 18:45:00 +0000

Type | Values Removed | Values Added
Description | | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters such as name, en, user_id, log, and time.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-08T17:41:16.813Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50666

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-08T19:24:17.250

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-50666

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:44:33Z

Weaknesses