{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-50670", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-08T17:48:09.760Z", "dateReserved": "2025-06-16T00:00:00.000Z", "datePublished": "2026-04-08T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T17:48:09.760Z"}, "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_bwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.dlink.com/en/security-bulletin/"}, {"url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_bwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters."}], "id": "CVE-2025-50670", "lastModified": "2026-04-08T21:26:13.410", "metrics": {}, "published": "2026-04-08T19:24:17.690", "references": [{"source": "cve@mitre.org", "url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}, {"source": "cve@mitre.org", "url": "https://www.dlink.com/en/security-bulletin/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,16.07.26A1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "di-8003", "vendor": "d-link"}], "analysis": {"en": {"generated_at": "2026-04-08T20:06:20.868811+00:00", "value": {"mitigation_remediation": ["Check the D\u2011Link support website for a firmware update that addresses the /xwgl_bwr.asp buffer overflow on DI\u20118003 16.07.26A1.", "Install any available firmware patch immediately once released.", "If no update is available, restrict external access to the router\u2019s web administration interface with firewall rules or by disabling remote management.", "Limit traffic to the /xwgl_bwr.asp endpoint from trusted IP ranges only.", "Disable the /xwgl_bwr.asp page if it is not required for network operation.", "Monitor the router\u2019s logs for anomalous HTTP GET requests to the /xwgl_bwr.asp endpoint.", "Perform routine vulnerability scans of the router to detect exploitation attempts."], "summary": {"action": "Assess Impact", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The flaw affects D\u2011Link DI\u20118003 routers running firmware version 16.07.26A1. No other firmware revisions or models are listed as impacted.", "description_and_impact": "A buffer overflow flaw exists in the D\u2011Link DI\u20118003 router\u2019s web interface, specifically in the /xwgl_bwr.asp endpoint. The vulnerability is caused by improper handling of the name, qq, and time query parameters in an HTTP GET request. An attacker who can craft these parameters with oversized values can overflow the buffer, potentially corrupting memory and enabling arbitrary code execution, which would give the attacker control of the device.", "risk_and_exploitability": "The attack vector is through the publicly reachable web administration interface, so an external attacker can reach the vulnerable endpoint over the network. No CVSS or EPSS metrics are provided, and the vulnerability is not listed in CISA\u2019s KEV catalog. The lack of published scores does not diminish the risk, given that the buffer overflow could lead to remote code execution. Defenders should consider this flaw serious until an official fix is released."}}}}, "created": "2026-04-09T08:22:43.428740+00:00", "title": "Buffer Overflow in D\u2011Link DI\u20118003 via /xwgl_bwr.asp Parameters", "updated": "2026-04-09T08:28:32.981487+00:00", "vendors": ["d-link", "d-link$PRODUCT$di-8003"], "weaknesses": ["CWE-120"]}