CVE-2025-50650
Published: 08 April 2026
Summary
CVE-2025-50650 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Dlink Di-8003 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 16.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of input size for parameters like routes_static in HTTP endpoints to prevent buffer overflows.
Mandates timely identification, reporting, and correction of flaws such as this buffer overflow via firmware patching as advised by D-Link.
Protects against remote denial-of-service impacts like device crashes or reboots caused by crafted oversized HTTP requests.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public web endpoint (/router.asp) directly enables remote exploitation of a network device via crafted HTTP request (T1190).
NVD Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint.
Deeper analysisAI
A buffer overflow vulnerability, tracked as CVE-2025-50650 and published on 2026-04-08, affects the D-Link DI-8003 router running firmware version 16.07.26A1. The issue stems from inadequate validation of input size in the routes_static parameter processed by the /router.asp endpoint, corresponding to CWE-120. It has a CVSS v3.1 base score of 7.5, rated as high severity due to its potential for remote denial-of-service impact.
An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction required. By sending a specially crafted HTTP request to the /router.asp endpoint with an oversized routes_static parameter, the attacker triggers a buffer overflow, resulting in high availability impact such as device crashes or reboots, while confidentiality and integrity remain unaffected.
D-Link has published mitigation guidance in security advisories, including SAP10505 at https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10505 and the general security bulletin page at https://www.dlink.com/en/security-bulletin/. Additional details appear in the IoT vulnerability collection at https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md. Security practitioners should consult these for patching instructions or workarounds specific to the affected firmware.
Details
- CWE(s)