Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /yyxz_dlink.asp endpoint.
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow exists in the D‑Link DI‑8003 router firmware version 16.07.26A1 caused by improper handling of parameters in the /yyxz_dlink.asp endpoint. The flaw allows a remote attacker to supply oversized input, potentially overrunning memory and enabling arbitrary code execution or causing the device to crash. The weakness is classified as CWE‑120.

Affected Systems

The affected product is the D‑Link DI‑8003 router running firmware version 16.07.26A1. No other versions are mentioned in the data, so only this version is confirmed as vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 7.5, indicating high severity. EPSS is below 1%, suggesting a low likelihood of exploitation at present, and it is not listed in the CISA KEV catalog. The likely attack vector is over the network: an attacker sends a specially crafted HTTP request to the exposed /yyxz_dlink.asp page, triggering the overflow. If exploited, the attacker could gain code execution on the router.

Generated by OpenCVE AI on April 10, 2026 at 22:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router to the latest firmware released by D‑Link for the DI‑8003 model.
  • Until an upgrade is available, block external access to the /yyxz_dlink.asp endpoint using firewall rules or router access control lists.
  • Monitor the device for anomalous traffic or crashes and apply security patches as soon as they are released.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 Router via /yyxz_dlink.asp

Fri, 10 Apr 2026 21:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dlink di-8003 Firmware
CPEs | | cpe:2.3:h:dlink:di-8003:-:*:*:*:*:*:*:*
 | | cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:*
Vendors & Products | | Dlink di-8003 Firmware

Fri, 10 Apr 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
 | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 08 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
Title | | Buffer Overflow in D‑Link DI‑8003 Router via /yyxz_dlink.asp
First Time appeared | | Dlink
 | | Dlink di-8003
Weaknesses | | CWE-120
Vendors & Products | | Dlink
 | | Dlink di-8003

Wed, 08 Apr 2026 18:45:00 +0000

Type | Values Removed | Values Added
Description | | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /yyxz_dlink.asp endpoint.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-10T15:40:26.971Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50672

Vulnrichment

Updated: 2026-04-10T15:37:09.911Z

NVD

Status: Analyzed

Published: 2026-04-08T19:24:17.913

Modified: 2026-04-10T21:14:09.823

Link: CVE-2025-50672

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T14:25:59Z

Weaknesses