Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, user_id, shibie_name, time, act, log, and rpri.
Published: 2026-04-08
Score: n/a
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

A buffer overflow exists in the /xwgl_ref.asp endpoint of D‑Link DI‑8003 firmware 16.07.26A1 due to improper handling of several query parameters. By sending a crafted HTTP GET request containing excessively long strings in the name, en, user_id, shibie_name, time, act, log, and rpri parameters, an attacker may trigger memory corruption that could lead to arbitrary code execution on the device.

Affected Systems

The affected system is the D‑Link DI‑8003 network device running firmware version 16.07.26A1. No other vendors or products are listed.

Risk and Exploitability

The vulnerability is remotely exploitable via HTTP requests, but CVSS, EPSS, and KEV data are not provided. Because the flaw is a classic buffer overflow, the potential impact is high, yet the likelihood of exploitation remains uncertain due to the lack of publicly disclosed exploits.

Generated by OpenCVE AI on April 8, 2026 at 19:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest D‑Link firmware update that addresses the /xwgl_ref.asp buffer overflow.
  • If an update is unavailable, limit network access to the device’s management interface or block the /xwgl_ref.asp endpoint from untrusted sources.
  • Monitor device logs for suspicious GET requests and look for signs of memory corruption or unauthorized code execution.

Generated by OpenCVE AI on April 8, 2026 at 19:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 /xwgl_ref.asp Allows Remote Attack
First Time appeared Dlink
Dlink di-8003
Weaknesses CWE-119
CWE-787
Vendors & Products Dlink
Dlink di-8003

Wed, 08 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, user_id, shibie_name, time, act, log, and rpri.
References

Subscriptions

Dlink Di-8003
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-08T17:48:58.663Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50671

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T19:24:17.803

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-50671

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:45:04Z

Weaknesses