CVE-2025-50665
Published: 08 April 2026
Summary
CVE-2025-50665 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Dlink Di-8003 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents buffer overflow exploitation by enforcing validation of crafted HTTP GET parameters (name, en, time, mem_gb2312, mem_utf8) in the /web_keyword.asp endpoint.
Requires timely patching of the specific buffer overflow flaw via D-Link firmware update detailed in security advisory SAP10505.
Provides memory protections like non-executable memory or ASLR to mitigate buffer overflow impacts, reducing the likelihood of device crash from improper input handling.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated network exploitation of web endpoint buffer overflow directly matches T1190; resulting device crash/reboot is T1499.004 application/system exploitation for DoS.
NVD Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, mem_gb2312, and…
more
mem_utf8 parameters.
Deeper analysisAI
CVE-2025-50665 is a buffer overflow vulnerability (CWE-120) in the D-Link DI-8003 device running firmware version 16.07.26A1. The flaw stems from improper handling of input parameters in the /web_keyword.asp endpoint, specifically the name, en, time, mem_gb2312, and mem_utf8 parameters processed in HTTP GET requests.
An unauthenticated attacker with network access can exploit this vulnerability by sending a specially crafted HTTP GET request to the affected endpoint. According to the CVSS v3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), exploitation requires low complexity, no privileges or user interaction, and results in high availability impact, enabling a denial-of-service condition such as device crash or reboot.
D-Link has issued security advisory SAP10505 detailing the issue, accessible at https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10505, alongside a general security bulletin page at https://www.dlink.com/en/security-bulletin/. Additional documentation appears in vulnerability collections like https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md.
Details
- CWE(s)