Impact
The vulnerability is a stack-based buffer overflow caused by improper handling of parameters in the /yyxz_dlink.asp endpoint of the D‑Link DI‑8003 router. An attacker able to trigger the overflow may inject malicious code or cause a crash, leading to control over the device or denial of service. This weakness allows an attacker to compromise the confidentiality, integrity, and availability of the firmware, which in turn affects all traffic passing through the router.
Affected Systems
Only the D‑Link DI‑8003 router running firmware version 16.07.26A1 is reported as affected. No other vendors, products, or firmware revisions are listed.
Risk and Exploitability
The CVE is not included in the CISA KEV database and no EPSS score is available, yet flaws of this nature are known to allow remote code execution. The attack requires network access to the device’s web interface, specifically the /yyxz_dlink.asp page, and may require a carefully crafted request. Without a publicly available exploit, the likelihood of real‑world attacks is uncertain, but given the severity of buffer overflows, the risk to any organization running the vulnerable firmware remains significant.