CVE-2025-50671
Published: 08 April 2026
Summary
CVE-2025-50671 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Dlink Di-8003 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the buffer overflow by requiring validation and sanitization of HTTP GET parameters like name and user_id to reject excessively long strings.
Mandates timely remediation of the specific buffer overflow flaw via vendor firmware patches as detailed in D-Link security bulletins.
Implements memory protections such as stack guards or non-executable stacks to prevent successful exploitation of the buffer overflow even if invalid input is processed.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in unauthenticated web endpoint enables remote exploitation of public-facing application (T1190) resulting in endpoint DoS via application/system crash (T1499.004).
NVD Description
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en,…
more
user_id, shibie_name, time, act, log, and rpri.
Deeper analysisAI
CVE-2025-50671 is a buffer overflow vulnerability (CWE-121) affecting the D-Link DI-8003 device running firmware version 16.07.26A1. The flaw arises from improper handling of parameters in the /xwgl_ref.asp web endpoint, which can be triggered by excessively long strings in specific GET request parameters including name, en, user_id, shibie_name, time, act, log, and rpri. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for remote disruption without authentication or user interaction.
An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity by crafting and sending a malicious HTTP GET request to the affected endpoint. Exploitation results in a denial-of-service condition, as indicated by the high availability impact in the CVSS vector, potentially crashing the device and rendering it unresponsive.
Mitigation guidance is available in vendor advisories; security practitioners should consult the D-Link security bulletin at https://www.dlink.com/en/security-bulletin/ and the IoT vulnerability collection entry at https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md for details on patches or workarounds. The CVE was published on 2026-04-08T19:24:17.803.
Details
- CWE(s)