Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /web_list_opt.asp endpoint.
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Potential Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow located in the /web_list_opt.asp endpoint of the D‑Link DI‑8003 web interface. Improper handling of the s parameter allows an attacker to overflow a local buffer, leading to memory corruption. Based on the description, it is inferred that an attacker could exploit this overflow to execute arbitrary code on the device, although the CVE text does not confirm a successful exploit. This weakness falls under buffer overflow (CWE‑120) and could compromise the confidentiality, integrity, or availability of the device if exploited. The CVSS base score of 7.5 indicates a high severity scenario.

Affected Systems

Products affected by this vulnerability are the D‑Link DI‑8003 router running firmware version 16.07.26A1. The CVE does not mention later firmware revisions as affected, and no other versions are listed in the advisory.

Risk and Exploitability

The CVSS score of 7.5 reflects a high severity risk, while an EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not present in the CISA KEV catalog. The likely attack vector is remote via the device’s web interface, requiring network reachability to the router. Exploitation would involve sending a maliciously crafted s parameter to trigger the buffer overflow.

Generated by OpenCVE AI on April 10, 2026 at 23:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to the latest release available from D‑Link.
  • If a newer firmware update is not available, restrict external access to the device’s web interface or block traffic to the /web_list_opt.asp endpoint.
  • Monitor network traffic for anomalous requests targeting the DI‑8003 web interface to detect potential exploitation attempts.

Generated by OpenCVE AI on April 10, 2026 at 23:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D-Link DI-8003 Web Interface

Fri, 10 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink di-8003 Firmware
CPEs cpe:2.3:h:dlink:di-8003:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:*
Vendors & Products Dlink di-8003 Firmware

Fri, 10 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D-Link DI-8003 Web Interface
First Time appeared Dlink
Dlink di-8003
Weaknesses CWE-120
Vendors & Products Dlink
Dlink di-8003

Wed, 08 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /web_list_opt.asp endpoint.
References

Subscriptions

Dlink Di-8003 Di-8003 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-10T15:40:48.569Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50668

cve-icon Vulnrichment

Updated: 2026-04-10T15:37:13.239Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T19:24:17.473

Modified: 2026-04-10T21:14:42.713

Link: CVE-2025-50668

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T14:26:04Z

Weaknesses