CVE-2025-50647
Published: 08 April 2026
Summary
CVE-2025-50647 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Dlink Di-8003 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 16.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely remediation of flaws like this buffer overflow vulnerability through vendor patches as issued by D-Link in advisories such as SAP10505.
Mandates validation of inputs such as the 'wans' parameter in the qos.asp endpoint to prevent buffer overflows from malformed data.
Implements memory protections like stack canaries or non-executable memory to mitigate exploitation of the buffer overflow leading to device crash.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in unauthenticated web parameter (qos.asp/wans) directly enables remote exploitation of public-facing application (T1190) resulting in endpoint DoS via device crash (T1499).
NVD Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of the wans parameter in the qos.asp endpoint.
Deeper analysisAI
CVE-2025-50647 is a buffer overflow vulnerability, classified under CWE-120, affecting the D-Link DI-8003 device on firmware version 16.07.26A1. The flaw occurs specifically in the handling of the "wans" parameter within the qos.asp endpoint. Published on 2026-04-08, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating significant availability impact with no effects on confidentiality or integrity.
Attackers can exploit this vulnerability remotely over the network without authentication privileges, user interaction, or high complexity. Exploitation triggers a buffer overflow, resulting in a denial-of-service condition through device crash or disruption, given the high availability impact score.
D-Link has issued related security advisories, including publication SAP10505 available at https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10505 and the general security bulletin page at https://www.dlink.com/en/security-bulletin/. Additional details appear in the IoT vulnerability collection at https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md, which security practitioners should consult for mitigation and patch guidance.
Details
- CWE(s)