EUVD-2025-209353

| CVE-2025-50665 HIGH
2026-04-08 mitre GHSA-vgrj-r347-cwxq
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Apr 08, 2026 - 19:31 vuln.today
EUVD ID Assigned
Apr 08, 2026 - 19:31 euvd
EUVD-2025-209353
CVE Published
Apr 08, 2026 - 00:00 nvd
HIGH 7.5

Tags

D-Link Buffer Overflow

Description

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, mem_gb2312, and mem_utf8 parameters.

Analysis

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks through crafted HTTP GET requests to /web_keyword.asp endpoint. Attackers exploit improper input validation in name, en, time, mem_gb2312, and mem_utf8 parameters to trigger memory corruption, causing device unavailability. CVSS 7.5 (High) severity reflects network-accessible attack vector requiring no user interaction or privileges. No public exploit identified at time of analysis; low observed exploitation activity.

Technical Context

CWE-120 stack-based buffer overflow caused by insufficient bounds checking on user-supplied input to web management interface parameters. Vulnerability resides in legacy firmware web server parsing routines handling UTF-8 and GB2312 character encoding parameters, enabling memory overwrite conditions that crash device service availability without confidentiality or integrity impact per CVSS vector.

Affected Products

D-Link DI-8003 Gigabit VPN Router, firmware version 16.07.26A1. Vendor: D-Link Corporation. Specific CPE not available in vulnerability database records.

Remediation

No vendor-released patch identified at time of analysis. D-Link has not published specific firmware updates addressing CVE-2025-50665 in official security bulletins (https://www.dlink.com/en/security-bulletin/). Affected organizations should immediately isolate DI-8003 devices from untrusted networks, restrict web management interface access to trusted administrator IP ranges via firewall rules, and disable remote administration features if not operationally required. Monitor D-Link security bulletin page for future firmware releases. Consider replacement with actively supported hardware if device has reached end-of-life status. Consult vendor advisories and VulDB entry (https://vuldb.com/vuln/356313) for additional threat intelligence and potential vendor communications.

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Share

EUVD-2025-209353 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy