{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-50664", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-08T17:37:29.022Z", "dateReserved": "2025-06-16T00:00:00.000Z", "datePublished": "2026-04-08T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T17:37:29.022Z"}, "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.dlink.com/en/security-bulletin/"}, {"url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr."}], "id": "CVE-2025-50664", "lastModified": "2026-04-08T19:24:17.033", "metrics": {}, "published": "2026-04-08T19:24:17.033", "references": [{"source": "cve@mitre.org", "url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}, {"source": "cve@mitre.org", "url": "https://www.dlink.com/en/security-bulletin/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.07.26A1"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "di-8003", "vendor": "dlink"}], "analysis": {"en": {"generated_at": "2026-04-08T19:56:47.195343+00:00", "value": {"mitigation_remediation": ["Check D\u2011Link\u2019s security bulletin for any firmware update addressing this issue", "If an update is unavailable, restrict external access to the device\u2019s web management interface by placing it behind a firewall or VPN", "Consider temporarily disabling the /user_group.asp endpoint if feasible", "Implement network segmentation to limit exposure of the router to untrusted traffic", "Monitor logs for unusual HTTP GET requests targeting /user_group.asp"], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is D\u2011Link DI\u20118003 running firmware version 16.07.26A1. No other versions or vendors were listed, so remediation applies only to this specific firmware build.", "description_and_impact": "A buffer overflow flaw exists in the D-Link DI-8003 router within the /user_group.asp endpoint. Because the system does not properly bound the name, mem, pri, and attr parameters, a crafted HTTP GET request can corrupt memory and potentially allow execution of arbitrary code. The vulnerability is a classic stack\u2011based overflow, classified under the weakness of improper restriction of operations within the bounds of a buffer. Attackers who exploit this flaw can gain covert control over the device, compromising confidentiality, integrity, and availability of the network it serves.", "risk_and_exploitability": "The vulnerability is exposed via the web interface and can be triggered from any network that can reach the router\u2019s HTTP service. No CVSS score is supplied, but a typical buffer\u2011overflow of this nature is regarded as high severity. EPSS is not available, and the vulnerability is not listed in CISA\u2019s KEV catalog, yet the discovery of remote code execution likely leads to industry\u2011wide scrutiny. Without an official patch, the exploit remains theoretically possible if the router is still running the vulnerable firmware."}}}}, "created": "2026-04-08T19:59:46.418374+00:00", "title": "Buffer Overflow in D\u2011Link DI\u20118003 /user_group.asp Allows Remote Code Execution", "updated": "2026-04-08T20:12:52.291040+00:00", "vendors": ["dlink", "dlink$PRODUCT$di-8003"], "weaknesses": ["CWE-119"]}