Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-50665

CVE-2025-50665: D-Link DI-8003 Buffer Overflow Vulnerability

CVE-2025-50665 is a buffer overflow vulnerability in D-Link DI-8003 firmware that allows attackers to exploit improper input handling. This article covers technical details, affected versions, impact, and mitigation.

Updated:

CVE-2025-50665 Overview

CVE-2025-50665 is a buffer overflow vulnerability [CWE-120] in D-Link DI-8003 routers running firmware version 16.07.26A1. The flaw resides in the /web_keyword.asp endpoint, which fails to properly validate input length on multiple HTTP GET parameters. An unauthenticated remote attacker can send a crafted request containing oversized values in the name, en, time, mem_gb2312, or mem_utf8 parameters to trigger memory corruption. Successful exploitation produces a denial-of-service condition on the affected device.

Critical Impact

Unauthenticated attackers can remotely crash D-Link DI-8003 routers by sending a single malformed HTTP GET request, disrupting network availability for all connected clients.

Affected Products

  • D-Link DI-8003 router (hardware)
  • D-Link DI-8003 firmware version 16.07.26A1
  • Deployments exposing the web management interface to untrusted networks

Discovery Timeline

  • 2026-04-08 - CVE-2025-50665 published to NVD
  • 2026-04-22 - Last updated in NVD database

Technical Details for CVE-2025-50665

Vulnerability Analysis

The vulnerability stems from improper bounds checking in the request handler for the /web_keyword.asp endpoint on the DI-8003 web management interface. The handler reads HTTP GET parameters into fixed-size stack or heap buffers without validating the length of the user-supplied data. When the supplied value exceeds the destination buffer size, adjacent memory is overwritten, corrupting program state and crashing the embedded web service.

The CWE-120 classification identifies this as a classic buffer copy without checking the size of the input. Because the impacted device is a network router, loss of the web service typically coincides with a crash of the broader management or routing process, producing an availability impact on the device itself.

Root Cause

The firmware uses unsafe string-handling routines such as strcpy or sprintf against attacker-controlled parameters delivered through the query string. No length validation, allowlist filtering, or canonical encoding check is performed before the copy operation. The five affected parameters (name, en, time, mem_gb2312, and mem_utf8) are all processed by the same vulnerable code path.

Attack Vector

Exploitation requires network reachability to the device's HTTP management interface and no authentication or user interaction. An attacker submits a single HTTP GET request to /web_keyword.asp with one of the named parameters set to an oversized string. The device responds by crashing the web service or rebooting, depending on which memory region is corrupted.

The vulnerability is described in the GitHub IoT Vulnerability Collection and acknowledged in the D-Link Security Advisory SAP10505.

Detection Methods for CVE-2025-50665

Indicators of Compromise

  • HTTP GET requests to /web_keyword.asp containing unusually long values in the name, en, time, mem_gb2312, or mem_utf8 parameters
  • Unexpected reboots, watchdog resets, or web management service crashes on DI-8003 devices
  • Loss of administrative connectivity to the router immediately following an inbound HTTP request from an external source

Detection Strategies

  • Inspect web access logs and upstream proxy logs for requests targeting /web_keyword.asp with parameter values exceeding several hundred bytes
  • Deploy network intrusion detection signatures that flag HTTP GET requests to the DI-8003 management URI containing oversized query string parameters
  • Correlate router uptime resets with inbound HTTP traffic to identify availability impacts caused by exploitation attempts

Monitoring Recommendations

  • Forward router syslog and SNMP availability data to a centralized analytics platform for alerting on repeated crashes
  • Monitor for scanning activity probing the /web_keyword.asp path across the network perimeter
  • Track exposure of DI-8003 management interfaces on internet-facing IP ranges using asset inventory data

How to Mitigate CVE-2025-50665

Immediate Actions Required

  • Restrict access to the DI-8003 web management interface to trusted administrative networks using ACLs or firewall rules
  • Disable remote (WAN-side) management on affected devices until a vendor patch is applied
  • Review the D-Link Security Bulletin and D-Link Security Advisory SAP10505 for firmware update availability

Patch Information

At the time of publication, D-Link tracks this issue under advisory SAP10505. Administrators should monitor the official D-Link Security Bulletin page for an updated firmware release for the DI-8003 platform and apply it as soon as it becomes available. Devices running firmware 16.07.26A1 should be considered vulnerable until upgraded.

Workarounds

  • Place the DI-8003 behind a network segment that blocks untrusted HTTP access to its management interface
  • Use a reverse proxy or web application firewall to enforce maximum query-string and parameter length limits on requests to /web_keyword.asp
  • If feasible, replace end-of-life DI-8003 hardware with a currently supported router model
bash
# Example firewall rule restricting management access to a trusted subnet
iptables -A INPUT -p tcp --dport 80 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.