anonhaven
Ad

CVE-2025-50645

HIGH CVSS 3.1: 7.5 EPSS 0.04%
Updated Apr 10, 2026
Dlink
Parameter Value
CVSS 7.5 (HIGH)
Type CWE-120 (Buffer Copy without Checking Size)
Vendor Dlink
Public PoC No

A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow condition.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-120 Buffer Copy without Checking Size

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Dlink Di-8003_Firmware
cpe:2.3:o:dlink:di-8003_firmware:16.07.26a1:*:*:*:*:*:*:*
Dlink Di-8003
cpe:2.3:h:dlink:di-8003:-:*:*:*:*:*:*:*

References 2

https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md
cve@mitre.org
https://www.dlink.com/en/security-bulletin/
cve@mitre.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-50673

Dlink

7.5

CVE-2025-50672

Dlink

7.5

CVE-2025-50671

Dlink

7.5

CVE-2025-50670

Dlink

7.5

CVE-2025-50669

Dlink

7.5