How to fix CVE-2025-50650?

Within 24 hours: Inventory all D-Link DI-8003 devices running firmware 16.07.26A1 and isolate them from untrusted networks or implement network segmentation. Within 7 days: Contact D-Link support to confirm patch availability timeline; if unavailable, evaluate replacement hardware or enable network-level access controls to restrict connections to the /router.asp endpoint. Within 30 days: Deploy replacement devices or apply vendor patch immediately upon release and validate through testing.

Is D-Link affected by CVE-2025-50650?

A buffer overflow in D-Link DI-8003 router firmware version 16.07.26A1 allows unauthenticated attackers to remotely crash the device, causing network outages for affected organizations.

CVE-2025-50650

EUVD-2025-209332 HIGH

2026-04-08 mitre

GHSA-54gh-q87h-jhhm

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 08, 2026 - 19:31 vuln.today

EUVD ID Assigned

Apr 08, 2026 - 19:31 euvd

EUVD-2025-209332

CVE Published

Apr 08, 2026 - 00:00 nvd

HIGH 7.5

Description

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint.

Analysis

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks via malformed routes_static parameter to /router.asp endpoint. The vulnerability permits network-accessible attackers to crash the device without credentials or user interaction. No public exploit identified at time of analysis. CVSS 7.5 (High) reflects complete availability impact with network attack vector and low complexity.

Technical Context

CWE-120 classic buffer overflow stems from missing input size validation on routes_static parameter in router configuration interface. Unbounded copy operation allows oversized input to corrupt stack/heap memory, triggering crash conditions. Network-accessible endpoint accepts unauthenticated requests (PR:N), enabling trivial exploitation without authentication bypass.

Affected Products

D-Link DI-8003 router, firmware version 16.07.26A1. Vendor: D-Link. Specific CPE unavailable; generic placeholder cpe:2.3:a:n/a:n/a applies.

Remediation

No vendor-released patch identified at time of analysis. Monitor D-Link security bulletin portal at https://www.dlink.com/en/security-bulletin/ for firmware updates addressing CVE-2025-50650. Immediate mitigation: restrict administrative interface access to trusted management networks via firewall rules, blocking external access to /router.asp and related configuration endpoints. Disable remote management features if not operationally required. Deploy network segmentation to isolate affected devices from untrusted networks. Consider replacing device if vendor discontinues support or delays patching beyond organizational risk tolerance thresholds.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

CVE-2025-50650 vulnerability details – vuln.today

Back

CVE-2025-50650

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-50650

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code