What is the CVSS score of CVE-2025-50662?

CVE-2025-50662 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of D-Link are affected by CVE-2025-50662?

CVE-2025-50662 affects D-Link DI-8003 routers running firmware 16.07.26A1, enabling remote denial-of-service attacks that can crash devices and disrupt network connectivity without requiring…

How to fix or mitigate CVE-2025-50662?

Within 24 hours: Identify all D-Link DI-8003 devices in your environment and document firmware versions via device management system or network inventory. Within 7 days: Restrict network access to /url_group.asp endpoint and router management interfaces using firewall rules (limit to administrative networks only); contact D-Link support to confirm patch timeline for firmware version 16.07.26A1. Within 30 days: Deploy vendor-released firmware patch immediately upon availability; if unavailable, implement network segmentation to isolate affected routers and deploy intrusion detection signatures targeting crafted requests to the vulnerable endpoint.

D-Link CVE-2025-50662

EUVD-2025-209347 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-04-08 mitre

GHSA-93wf-gj63-8mcf

Buffer Overflow D-Link Stack Overflow

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 22, 2026 - 16:22 vuln.today

cvss_changed

EUVD ID Assigned

Apr 08, 2026 - 19:31 euvd

EUVD-2025-209347

Analysis Generated

Apr 08, 2026 - 19:31 vuln.today

CVE Published

Apr 08, 2026 - 00:00 nvd

HIGH 7.5

DescriptionNVD

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint.

AnalysisAI

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks via crafted name parameter to /url_group.asp endpoint. Attackers can trigger stack-based buffer overflow remotely over network without user interaction, causing high availability impact through service disruption or device crash. No public exploit identified at time of analysis. CVSS 7.5 severity reflects network-accessible attack vector with low complexity.

Technical ContextAI

Stack-based buffer overflow (CWE-121) in /url_group.asp endpoint lacks input validation on name parameter length. Improper bounds checking allows oversized input to corrupt stack memory, triggering denial-of-service condition. Attack requires no authentication (PR:N) and exploits web management interface directly accessible over network.

RemediationAI

No vendor-released patch identified at time of analysis. D-Link has not published specific security advisory addressing CVE-2025-50662 for DI-8003 16.07.26A1 firmware. Recommended immediate mitigations: restrict web management interface access to trusted internal networks only via firewall rules, disable remote administration if not operationally required, implement network segmentation isolating device from untrusted networks. Monitor D-Link security bulletin portal at https://www.dlink.com/en/security-bulletin/ for future firmware updates. Consider hardware replacement if device reaches end-of-support lifecycle. Low observed exploitation activity (EPSS <1%) suggests limited active targeting currently.