Skip to main content

D-Link EUVDEUVD-2025-209361

| CVE-2025-50671 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-04-08 mitre GHSA-95hh-fj32-cpj5
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 08, 2026 - 19:31 euvd
EUVD-2025-209361
Analysis Generated
Apr 08, 2026 - 19:31 vuln.today
CVE Published
Apr 08, 2026 - 00:00 nvd
HIGH 7.5

DescriptionCVE.org

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, user_id, shibie_name, time, act, log, and rpri.

AnalysisAI

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial of service through the /xwgl_ref.asp endpoint. Attackers exploit improper input validation by sending HTTP GET requests with excessively long strings in eight parameters (name, en, user_id, shibie_name, time, act, log, rpri), causing stack buffer overflow and device crash. Low observed exploitation activity (EPSS <1%). No public exploit identified at time of analysis. Affects network-accessible management interface without authentication requirements.

Technical ContextAI

Stack-based buffer overflow (CWE-121) occurs in /xwgl_ref.asp web management handler due to missing bounds validation on eight HTTP GET parameters. Firmware fails to limit input length before copying data to fixed-size stack buffers, enabling memory corruption and denial of service via remotely crafted requests (CVSS AV:N/AC:L/PR:N).

RemediationAI

No vendor-released patch identified at time of analysis. D-Link security bulletin (https://www.dlink.com/en/security-bulletin/) does not list remediation for CVE-2025-50671 as of current review. Recommended immediate actions: disable remote management access to /xwgl_ref.asp endpoint via firewall rules; restrict administrative interface access to trusted internal networks only; monitor D-Link security bulletin for firmware updates addressing this vulnerability. Consider hardware replacement if D-Link confirms end-of-life status for DI-8003 model without security patches. Implement network segmentation to isolate affected devices from untrusted networks until permanent fix becomes available.

More in D-Link

View all
CVE-2015-2051 HIGH POC
8.8 Feb 23

The D-Link DIR-645 Wired/Wireless Router Rev. Rated high severity (CVSS 8.8), this vulnerability is no authentication re

CVE-2015-1187 CRITICAL POC
9.8 Sep 21

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr

CVE-2022-26258 CRITICAL POC
9.8 Mar 28

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set

CVE-2014-3936 CRITICAL POC
10.0 Jun 02

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. Rated critical severity (

CVE-2014-100005 HIGH POC
8.0 Jan 13

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Rated high severity (CVSS 8.0)

CVE-2015-2049 CRITICAL POC
9.0 Feb 23

Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated use

CVE-2017-12943 CRITICAL POC
9.8 Aug 18

D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?RE

CVE-2013-7389 MEDIUM POC
4.3 Jul 07

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. Rated medium severity (CVSS 4.3), thi

CVE-2015-7245 HIGH POC
7.5 Apr 24

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remot

CVE-2024-57045 CRITICAL POC
9.8 Feb 18

A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals

CVE-2013-10069 CRITICAL POC
10.0 Aug 05

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an

CVE-2013-10048 CRITICAL POC
9.3 Aug 01

An OS command injection vulnerability exists in various legacy D-Link routers-including DIR-300 rev B and DIR-600 (firmw

Share

EUVD-2025-209361 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy