EUVD-2025-209360

| CVE-2025-50670 HIGH
2026-04-08 mitre GHSA-rg42-2jgq-39w3
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Apr 08, 2026 - 19:31 vuln.today
EUVD ID Assigned
Apr 08, 2026 - 19:31 euvd
EUVD-2025-209360
CVE Published
Apr 08, 2026 - 00:00 nvd
HIGH 7.5

Tags

D-Link Buffer Overflow

Description

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_bwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters.

Analysis

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions via crafted HTTP GET requests to /xwgl_bwr.asp endpoint. Exploitation occurs through oversized name, qq, or time parameters causing memory corruption. CVSS score 7.5 reflects high availability impact without confidentiality or integrity compromise. No public exploit identified at time of analysis, with low observed exploitation activity (EPSS <1%).

Technical Context

CWE-120 classic stack-based buffer overflow in embedded web server handler. Vulnerability originates from missing input validation on GET parameters processed by xwgl_bwr.asp endpoint, allowing attacker-controlled data to exceed allocated buffer boundaries. CVSS vector AV:N/AC:L/PR:N indicates remotely exploitable without authentication or complex conditions.

Affected Products

D-Link DI-8003 router, firmware version 16.07.26A1. Vendor D-Link Corporation. Specific CPE unavailable in authoritative sources.

Remediation

No vendor-released patch identified at time of analysis. D-Link has not published firmware updates addressing CVE-2025-50670 for DI-8003 16.07.26A1 as of current advisories. Monitor D-Link Security Bulletin (https://www.dlink.com/en/security-bulletin/) for future firmware releases. Immediate mitigations: restrict administrative interface access via firewall rules permitting only trusted IP ranges, disable remote management features if not operationally required, deploy network segmentation isolating affected devices from untrusted networks. Consider device replacement if end-of-life status prevents patching. Reference VulDB advisory https://vuldb.com/vuln/356346 for additional technical details.

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Share

EUVD-2025-209360 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy