What is the CVSS score of CVE-2025-50650?

CVE-2025-50650 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of D-Link are affected by CVE-2025-50650?

A buffer overflow in D-Link DI-8003 router firmware version 16.07.26A1 allows unauthenticated attackers to remotely crash the device, causing network outages for affected organizations.

How to fix or mitigate CVE-2025-50650?

Within 24 hours: Inventory all D-Link DI-8003 devices running firmware 16.07.26A1 and isolate them from untrusted networks or implement network segmentation. Within 7 days: Contact D-Link support to confirm patch availability timeline; if unavailable, evaluate replacement hardware or enable network-level access controls to restrict connections to the /router.asp endpoint. Within 30 days: Deploy replacement devices or apply vendor patch immediately upon release and validate through testing.

D-Link CVE-2025-50650

EUVD-2025-209332 HIGH

Classic Buffer Overflow (CWE-120)

2026-04-08 mitre

GHSA-54gh-q87h-jhhm

Buffer Overflow D-Link

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 22, 2026 - 16:22 vuln.today

cvss_changed

EUVD ID Assigned

Apr 08, 2026 - 19:31 euvd

EUVD-2025-209332

Analysis Generated

Apr 08, 2026 - 19:31 vuln.today

CVE Published

Apr 08, 2026 - 00:00 nvd

HIGH 7.5

DescriptionNVD

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint.

AnalysisAI

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks via malformed routes_static parameter to /router.asp endpoint. The vulnerability permits network-accessible attackers to crash the device without credentials or user interaction. No public exploit identified at time of analysis. CVSS 7.5 (High) reflects complete availability impact with network attack vector and low complexity.

Technical ContextAI

CWE-120 classic buffer overflow stems from missing input size validation on routes_static parameter in router configuration interface. Unbounded copy operation allows oversized input to corrupt stack/heap memory, triggering crash conditions. Network-accessible endpoint accepts unauthenticated requests (PR:N), enabling trivial exploitation without authentication bypass.

RemediationAI

No vendor-released patch identified at time of analysis. Monitor D-Link security bulletin portal at https://www.dlink.com/en/security-bulletin/ for firmware updates addressing CVE-2025-50650. Immediate mitigation: restrict administrative interface access to trusted management networks via firewall rules, blocking external access to /router.asp and related configuration endpoints. Disable remote management features if not operationally required. Deploy network segmentation to isolate affected devices from untrusted networks. Consider replacing device if vendor discontinues support or delays patching beyond organizational risk tolerance thresholds.