CVE-2025-50645

| EUVD-2025-209323 HIGH
2026-04-08 mitre GHSA-p8cj-q9g4-r46p
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Apr 08, 2026 - 19:31 vuln.today
EUVD ID Assigned
Apr 08, 2026 - 19:31 euvd
EUVD-2025-209323
CVE Published
Apr 08, 2026 - 00:00 nvd
HIGH 7.5

Tags

D-Link Buffer Overflow

Description

A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow condition.

Analysis

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial of service attacks. Attackers can trigger memory corruption by submitting oversized 's' parameter values to the pppoe_list_opt.asp endpoint without authentication, causing device unavailability. CVSS 7.5 severity reflects network-accessible attack vector with low complexity. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

Technical Context

CWE-120 classic stack-based buffer overflow in web management interface parameter handling. The pppoe_list_opt.asp endpoint performs inadequate bounds checking on user-supplied 's' parameter before memory copy operations, allowing heap/stack corruption. Network-reachable attack surface (AV:N) with no privilege requirements (PR:N) enables trivial exploitation against internet-facing devices.

Affected Products

D-Link DI-8003 industrial router, firmware version 16.07.26A1. Vendor: D-Link Corporation. Precise CPE enumeration unavailable in source data beyond generic placeholder.

Remediation

No vendor-released patch identified at time of analysis. D-Link has not published firmware updates for DI-8003 addressing CVE-2025-50645 according to official security bulletin (https://www.dlink.com/en/security-bulletin/). Recommended immediate actions: (1) isolate affected DI-8003 devices from untrusted networks using firewall rules; (2) disable remote administration interfaces if business requirements permit; (3) implement strict network segmentation to prevent internet exposure of management endpoints; (4) monitor vendor advisory page for future firmware releases. Organizations requiring PPPoE functionality should evaluate migration to actively-maintained hardware platforms. Rate-limit HTTP requests to management interfaces as temporary containment.

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Share

CVE-2025-50645 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy