A buffer overflow exists in the D‑Link DI‑8003 firmware 16.07.26A1 due to improper handling of the "s" parameter in the /web_list_opt.asp endpoint. When a crafted request is sent to this endpoint, the overflow can overwrite control data and potentially allow arbitrary code execution on the device. The vulnerability is a classic stack-based buffer overflow.

The affected device is the D‑Link DI‑8003 router running firmware version 16.07.26A1. No other products or vendors were identified in the advisory.

The CVSS score is not provided, and EPSS is unavailable, but because the flaw enables remote code execution via a web request, it is considered high risk. The absence of a KEV listing does not reduce the potential for exploitation. Attackers would need network connectivity to the device and could exploit the flaw by sending a malicious request to /web_list_opt.asp, potentially gaining full control of the router.