CVE-2025-50673

| EUVD-2025-209363 HIGH
2026-04-08 mitre GHSA-5qqr-9hw8-qvc9
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Apr 08, 2026 - 19:31 vuln.today
EUVD ID Assigned
Apr 08, 2026 - 19:31 euvd
EUVD-2025-209363
CVE Published
Apr 08, 2026 - 00:00 nvd
HIGH 7.5

Tags

D-Link Buffer Overflow

Description

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the http_lanport parameter in the /webgl.asp endpoint.

Analysis

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 allows unauthenticated remote attackers to trigger denial-of-service conditions by sending malformed http_lanport parameter values to the /webgl.asp endpoint. Network-accessible attack requires no user interaction or privileges. Exploitation causes availability impact only with no confidentiality or integrity compromise. Low observed exploitation activity (EPSS <1%). No public exploit identified at time of analysis.

Technical Context

Classic stack/heap buffer overflow (CWE-120) caused by insufficient input validation on http_lanport parameter processing in web management interface. Improper bounds checking allows oversized input to corrupt memory, triggering application crash without enabling code execution or data exfiltration per CVSS impact metrics (C:N/I:N/A:H).

Affected Products

D-Link DI-8003 industrial router, firmware version 16.07.26A1. Vendor D-Link Corporation. Specific version range unknown; only 16.07.26A1 confirmed vulnerable.

Remediation

No vendor-released patch identified at time of analysis. Monitor D-Link security bulletin at https://www.dlink.com/en/security-bulletin/ for forthcoming firmware updates addressing CVE-2025-50673. Interim mitigations: restrict management interface access to trusted administrative networks only via firewall rules, disable remote web administration if not operationally required, implement network segmentation isolating affected devices from untrusted networks. Consider replacing device if vendor discontinues support. Verify current support status before deployment decisions. Reference NVD entry https://nvd.nist.gov/vuln/detail/CVE-2025-50673 for updated remediation guidance.

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Share

CVE-2025-50673 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy