CVE-2025-50652

| EUVD-2025-209333 HIGH
2026-04-08 mitre GHSA-65xw-5c62-72j7
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Apr 08, 2026 - 19:31 vuln.today
EUVD ID Assigned
Apr 08, 2026 - 19:31 euvd
EUVD-2025-209333
CVE Published
Apr 08, 2026 - 00:00 nvd
HIGH 7.5

Tags

D-Link Buffer Overflow

Description

An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint.

Analysis

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed id parameter input to /saveparm_usb.asp endpoint. Exploitation requires network access to administrative interface without authentication. CWE-120 classification indicates classic buffer overflow allowing memory corruption. CVSS vector confirms network-exploitable, unauthenticated attack path with high availability impact but no data confidentiality or integrity compromise. No public exploit identified at time of analysis.

Technical Context

CWE-120 buffer overflow stems from insufficient input validation on id parameter at /saveparm_usb.asp. Unbounded memory copy operation allows oversized inputs to corrupt stack/heap memory structures, crashing routing processes. CVSS complexity rating (AC:L) indicates trivial exploitation requiring only HTTP parameter manipulation without timing or race conditions.

Affected Products

D-Link DI-8003 industrial router firmware version 16.07.26A1. Vendor D-Link. Specific CPE unavailable; impacts confirmed single firmware build on DI-8003 hardware platform.

Remediation

No vendor-released patch identified at time of analysis. D-Link security bulletin (https://www.dlink.com/en/security-bulletin/) should be monitored for firmware updates addressing CVE-2025-50652. Immediate mitigations: restrict administrative interface access to trusted management networks using firewall rules, disable external WAN-side access to web management ports (typically TCP 80/443), implement network segmentation isolating DI-8003 devices from untrusted networks. If device supports it, disable USB configuration functionality at /saveparm_usb.asp if not operationally required. Organizations unable to implement network controls should consider device replacement with patched alternative until D-Link releases firmware fix. Validate vendor advisory for product end-of-life status impacting patch availability.

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Share

CVE-2025-50652 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy