CVE-2025-50660
Published: 08 April 2026
Summary
CVE-2025-50660 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Dlink Di-8003 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 16.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by requiring timely remediation of the known buffer overflow flaw through application of the D-Link firmware patch from advisory SAP10505.
Prevents exploitation of the buffer overflow by enforcing input validation mechanisms on the 'name' parameter at the /url_member.asp endpoint to reject overly long or malformed inputs.
Limits the impact of the unauthenticated remote DoS attack by implementing protections against denial-of-service events such as those triggered by crafted requests causing device crashes.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public web endpoint enables remote unauthenticated exploitation (T1190) leading to system/application DoS via crash/reboot (T1499.004).
NVD Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint.
Deeper analysisAI
CVE-2025-50660 is a buffer overflow vulnerability (CWE-121) affecting the D-Link DI-8003 device running firmware version 16.07.26A1. The flaw stems from improper handling of the "name" parameter in the /url_member.asp endpoint, which can lead to memory corruption when processing overly long inputs.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low attack complexity, no authentication or user interaction required, and unchanged impact scope. An unauthenticated remote attacker can send a specially crafted request to the vulnerable endpoint, triggering the buffer overflow and causing a denial-of-service condition through high availability disruption, such as device crashes or reboots.
D-Link has published security advisory SAP10505 addressing this issue, accessible at https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10505. Further details appear on D-Link's security bulletin page at https://www.dlink.com/en/security-bulletin/, with additional context in the IoT vulnerability collection at https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md. Security practitioners should review these resources for patch information and recommended mitigations.
Details
- CWE(s)