Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the http_lanport parameter in the /webgl.asp endpoint.
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution via buffer overflow
Action: Patch
AI Analysis

Impact

A buffer overflow vulnerability exists in D‑Link DI‑8003 firmware 16.07.26A1 caused by improper handling of the http_lanport parameter in the /webgl.asp endpoint. This allows an attacker to provide an overly long or crafted value that overflows memory and can potentially execute arbitrary code, compromising the device’s confidentiality, integrity, or availability. The weakness is a classic stack-based buffer overflow (CWE‑120).

Affected Systems

The affected product is D‑Link DI‑8003 running firmware version 16.07.26A1. No other versions or products are listed as affected.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is via an HTTP request sent to the /webgl.asp endpoint, which can be accessed from devices on the local network, allowing a local network adversary to exploit the overflow.

Generated by OpenCVE AI on April 13, 2026 at 15:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a firmware update that removes the vulnerability, if one is available from D‑Link.
  • If no update exists, restrict or disable access to the /webgl.asp endpoint from untrusted networks.
  • Monitor the device for suspicious activity or attempts to exploit the endpoint.

Generated by OpenCVE AI on April 13, 2026 at 15:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 /webgl.asp Allows Remote Code Execution

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 via http_lanport Parameter
Weaknesses CWE-119

Fri, 10 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink di-8003
Dlink di-8003 Firmware
CPEs cpe:2.3:h:dlink:di-8003:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink di-8003
Dlink di-8003 Firmware

Fri, 10 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link di-8003
Vendors & Products D-link
D-link di-8003

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8003 via http_lanport Parameter
Weaknesses CWE-119

Wed, 08 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the http_lanport parameter in the /webgl.asp endpoint.
References

Subscriptions

D-link Di-8003
Dlink Di-8003 Di-8003 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-10T15:40:20.741Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50673

cve-icon Vulnrichment

Updated: 2026-04-10T15:37:08.844Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T19:24:18.040

Modified: 2026-04-10T21:13:57.867

Link: CVE-2025-50673

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:40:41Z

Weaknesses