CVE-2025-50654

EUVD-2025-209335 | Severity: HIGH
Published 2026-04-08 | Source: mitre
CVSS 3.1 base score: 7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 08, 2026 - 19:31 (vuln.today)
EUVD ID Assigned: Apr 08, 2026 - 19:31 (euvd), EUVD-2025-209335
CVE Published: Apr 08, 2026 - 00:00 (nvd), rated HIGH 7.5

Description

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint.

Analysis

A buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial of service through a malformed id parameter sent to the /thd_member.asp endpoint. Exploiting this CWE-120 flaw requires no authentication (CVSS PR:N) and lets a network-based attacker crash the device with low complexity. No public exploit had been identified at the time of analysis, and observed exploitation activity is low (EPSS 0.02%). The flaw affects D-Link network infrastructure devices running the vulnerable firmware version.

Technical Context

CWE-120 stack-based or heap-based buffer overflow in the web interface code that processes the /thd_member.asp endpoint. Insufficient bounds checking on the id parameter allows oversized input to corrupt memory structures and crash the service. The attack vector is network-accessible (AV:N) with no precondition beyond reachability of the management interface. The impact is exclusively on availability (CVSS C:N/I:N/A:H).

Affected Products

D-Link DI-8003 router, firmware version 16.07.26A1. Vendor: D-Link. No standardized CPE available.

Remediation

No vendor-released patch had been identified at the time of analysis. Consult the D-Link security bulletin page at https://www.dlink.com/en/security-bulletin/ for firmware updates addressing CVE-2025-50654. Until patched firmware becomes available, implement network-layer access controls that restrict exposure of the management interface to trusted administrative networks only. Deploy firewall rules blocking external access to /thd_member.asp and related web management paths. Monitor D-Link advisories for a successor release to 16.07.26A1. Consider device replacement if the vendor discontinues support. Disable remote administration features if operationally feasible.
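The interim controls above (restrict the management interface to trusted networks, watch the /thd_member.asp path) can be backed by a log check until patched firmware ships. The following is an added example written for this page, not vuln.today's or D-Link's code: it parses web-server access-log lines in Common Log Format (the DI-8003's actual log format is not on the page and is assumed here), flags requests to /thd_member.asp that arrive from outside an assumed trusted admin range, carry an id value longer than an assumed 32-character threshold, or produce a 5xx error, and returns the findings. The sample log lines are constructed, as are the endpoint's response codes and the trusted 10.0.0.0/8 range.

```python
import re
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter name come from the advisory; the length threshold
# and the trusted management range are assumptions to tune per environment.
WATCHED_PATH = "/thd_member.asp"
WATCHED_PARAM = "id"
MAX_ID_LEN = 32
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Common Log Format: src ident user [timestamp] "METHOD target PROTO" status size
CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not captured from a real device).
LONG_ID = "A" * 64
SAMPLE_LOG = (
    '10.0.0.5 - - [08/Apr/2026:19:31:00 +0000] "GET /thd_member.asp?id=12 HTTP/1.1" 200 512\n'
    f'203.0.113.9 - - [08/Apr/2026:19:31:02 +0000] "GET /thd_member.asp?id={LONG_ID} HTTP/1.1" 500 0\n'
    '10.0.0.7 - - [08/Apr/2026:19:31:05 +0000] "GET /index.asp HTTP/1.1" 200 2048\n'
    '198.51.100.3 - - [08/Apr/2026:19:31:08 +0000] "POST /thd_member.asp HTTP/1.1" 200 128\n'
)


def parse_clf(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(src):
    """True if the source address falls inside an assumed trusted admin network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_ADMIN_NETS)


def inspect_request(rec):
    """Return reason strings for one parsed request; empty list if nothing is notable."""
    parts = urlsplit(rec["target"])
    if parts.path != WATCHED_PATH:
        return []
    reasons = []
    if not is_trusted(rec["src"]):
        reasons.append("management endpoint reached from untrusted source")
    # keep_blank_values so an empty id= still counts as a supplied parameter
    for value in parse_qs(parts.query, keep_blank_values=True).get(WATCHED_PARAM, []):
        if len(value) > MAX_ID_LEN:
            reasons.append(f"{WATCHED_PARAM} parameter length {len(value)} exceeds {MAX_ID_LEN}")
    if rec["status"] >= 500:
        reasons.append(f"server error {rec['status']} on management endpoint")
    return reasons


def scan_log(text):
    """Run inspect_request over every parseable line; return the findings in order."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rec = parse_clf(line)
        if rec is None:
            continue
        reasons = inspect_request(rec)
        if reasons:
            findings.append({"line": n, "src": rec["src"],
                             "target": rec["target"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['src']} {f['target']}")
        for r in f["reasons"]:
            print(f"  - {r}")
```

On the constructed sample, line 2 is flagged for all three reasons and line 4 only because it reaches the management endpoint from outside the trusted range; lines 1 and 3 are silent. An untrusted-source finding on its own is the signal that the access-control advice above has not been applied, independent of whether the request was malformed.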

Priority Score

38 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0
