CVE-2025-50663 | EUVD-2025-209349

HIGH 7.5 (CVSS 3.1)
2026-04-08 mitre GHSA-v9v4-x4hg-jg4g

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 08, 2026 - 19:31 (vuln.today)
EUVD ID Assigned: Apr 08, 2026 - 19:31 (euvd), EUVD-2025-209349
CVE Published: Apr 08, 2026 - 00:00 (nvd), HIGH 7.5

Description

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint.

Analysis

A buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks via a crafted name parameter sent to the /usb_paswd.asp endpoint. The stack-based buffer overflow (CWE-121) triggers memory corruption leading to service disruption. It affects network-accessible administrative interfaces with no authentication barrier (CVSS AV:N/PR:N). No public exploit identified at time of analysis. Low observed exploitation activity (EPSS <1%).

Technical Context

The root cause is a stack-based buffer overflow (CWE-121) in the handler for the name parameter of the /usb_paswd.asp endpoint. Insufficient input validation allows unbounded copying of data into a fixed-size stack buffer. The memory corruption prevents controlled code execution but triggers denial of service through an application crash or resource exhaustion. The network-reachable attack surface requires no privileges.

Affected Products

D-Link DI-8003 router, firmware version 16.07.26A1. Vendor: D-Link Corporation. CPE data incomplete (cpe:2.3:a:n/a:n/a). Specific to DI-8003 hardware platform running identified firmware build.

Remediation

No vendor-released patch identified at time of analysis. Immediately restrict network access to administrative interfaces (/usb_paswd.asp and related endpoints) using firewall rules or ACLs limiting access to trusted management networks only. Disable remote administration features if not operationally required. Monitor D-Link security bulletin portal for firmware updates: https://www.dlink.com/en/security-bulletin/. Consider device replacement if vendor discontinues support for DI-8003 platform. Implement network segmentation to isolate vulnerable devices from untrusted networks. Review VulDB advisory for technical details: https://vuldb.com/vuln/356357.
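A log check that supports the access restriction above, as an added example that is not from the advisory or from D-Link: it scans access-log lines from a proxy or logging firewall placed in front of the router and flags requests to /usb_paswd.asp that come from outside the management network or carry an unusually long name value. The log format, the 10.0.50.0/24 management range, the 64-character threshold and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumptions, not from the advisory: the management subnet, the length
# threshold, and a combined-log-style format written by a proxy or firewall
# in front of the router.
MGMT_NET = ipaddress.ip_network("10.0.50.0/24")
MAX_NAME_LEN = 64
ENDPOINT = "/usb_paswd.asp"
LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>\S+) [^"]*"')

def check_line(line):
    """Return the findings for one log line (empty list if nothing to report)."""
    m = LINE_RE.match(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    if url.path.lower() != ENDPOINT:
        return []
    findings = []
    try:
        if ipaddress.ip_address(m["src"]) not in MGMT_NET:
            findings.append("source outside management network")
    except ValueError:
        findings.append("unparseable source address")
    # Only query-string values appear in access logs; a name sent in a POST
    # body needs body logging on the proxy. parse_qs percent-decodes, so the
    # length is measured after decoding.
    for value in parse_qs(url.query, keep_blank_values=True).get("name", []):
        if len(value) > MAX_NAME_LEN:
            findings.append(f"name length {len(value)} exceeds {MAX_NAME_LEN}")
    return findings

def scan(lines):
    """Return (line_number, findings) for every flagged line, 1-indexed."""
    hits = [(n, check_line(line)) for n, line in enumerate(lines, 1)]
    return [(n, f) for n, f in hits if f]

# Constructed sample lines (documentation address ranges, filler values).
SAMPLE_LOG = [
    '10.0.50.7 - - [08/Apr/2026:10:00:01 +0000] "GET /usb_paswd.asp?name=backup HTTP/1.1" 200 512',
    '203.0.113.9 - - [08/Apr/2026:10:02:13 +0000] "GET /usb_paswd.asp?name=' + "x" * 300 + ' HTTP/1.1" 000 0',
    '203.0.113.9 - - [08/Apr/2026:10:02:20 +0000] "GET /index.asp HTTP/1.1" 200 1024',
    '10.0.50.7 - - [08/Apr/2026:10:05:00 +0000] "GET /usb_paswd.asp?name=' + "x" * 65 + ' HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for n, f in scan(SAMPLE_LOG):
        print(n, "; ".join(f))
```

Any hit from outside the management range means the firewall rule or ACL is not yet effective for that path.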

Priority Score

38
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0
