What is the CVSS score of CVE-2025-50657?

CVE-2025-50657 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of D-Link are affected by CVE-2025-50657?

CVE-2025-50657 is a high-severity buffer overflow in D-Link DI-8003 routers (firmware 16.07.26A1) that allows unauthenticated remote attackers to remotely crash the device and disrupt network…

How to fix or mitigate CVE-2025-50657?

Within 24 hours: Identify all D-Link DI-8003 devices running firmware 16.07.26A1 in your network inventory and document their locations and criticality. Within 7 days: Contact D-Link support to confirm patch availability timeline; implement network segmentation to restrict access to the /trace.asp endpoint from untrusted networks if patching is delayed. Within 30 days: Deploy vendor-released patch immediately upon availability or replace affected devices if no patch timeline is provided by D-Link.

D-Link CVE-2025-50657

EUVD-2025-209339 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-04-08 mitre

GHSA-wxjc-8jrx-5v2m

Buffer Overflow D-Link Stack Overflow

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 22, 2026 - 16:22 vuln.today

cvss_changed

EUVD ID Assigned

Apr 08, 2026 - 19:31 euvd

EUVD-2025-209339

Analysis Generated

Apr 08, 2026 - 19:31 vuln.today

CVE Published

Apr 08, 2026 - 00:00 nvd

HIGH 7.5

DescriptionNVD

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint.

AnalysisAI

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed pid parameter values in the /trace.asp endpoint. The vulnerability requires no user interaction and is exploitable over the network with low attack complexity, affecting network availability for enterprise routing infrastructure. No public exploit identified at time of analysis.

Technical ContextAI

Stack-based buffer overflow (CWE-121) caused by insufficient input validation on the pid parameter in the trace.asp diagnostic endpoint. The firmware fails to enforce bounds checking during buffer copy operations, allowing oversized input to corrupt stack memory and crash the routing service.

RemediationAI

No vendor-released patch identified at time of analysis. Monitor D-Link security bulletin page (https://www.dlink.com/en/security-bulletin/) for firmware updates addressing CVE-2025-50657. Interim mitigation: restrict administrative interface access to trusted management networks only through firewall rules, disable remote management features if not operationally required, and implement network segmentation to isolate vulnerable devices. Consider replacing affected units if extended support timelines cannot be confirmed. For additional vulnerability context, consult researcher disclosure at https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md and monitor NVD advisory updates at https://nvd.nist.gov/vuln/detail/CVE-2025-50657.