
D-Link CVE-2025-45057 | EUVD-2025-209309
Severity: HIGH (CVSS 3.1: 7.5)
Classic Buffer Overflow (CWE-120)
2026-04-08 mitre GHSA-w6cx-r2cm-p462

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Apr 08, 2026 - 18:16 (euvd), EUVD-2025-209309
Analysis Generated: Apr 08, 2026 - 18:16 (vuln.today)
CVE Published: Apr 08, 2026 - 00:00 (nvd), HIGH 7.5

Description (NVD)

D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Analysis (AI)

A buffer overflow in the ip_position_asp function of D-Link DI-8300 router firmware v16.07.26A1 enables unauthenticated remote attackers to trigger a denial of service through crafted input to the ip parameter. The vulnerability is reachable over the network and requires no user interaction. No public exploit was identified at the time of analysis. The CVSS score of 7.5 (High) reflects an unauthenticated network attack vector with complete availability impact.

Technical Context (AI)

The ip_position_asp function does not validate the length of the ip parameter, resulting in a stack-based buffer overflow (CWE-120). Firmware v16.07.26A1 is affected. The flaw is exploitable remotely without authentication (CVSS PR:N, AV:N). The overflow triggers a crash (DoS), but memory corruption leading to code execution has not been confirmed.

Remediation (AI)

No vendor-released patch was identified at the time of analysis. D-Link has not published a patched firmware version, per its security bulletin at https://www.dlink.com/en/security-bulletin/. Recommended immediate actions: restrict network access to the DI-8300 management interface with firewall rules that limit source IP ranges to trusted administrative networks only; disable remote management features if they are not operationally required; and implement network segmentation to isolate affected devices. Monitor the D-Link security bulletin and the product page https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-8300 for future firmware updates. Consider replacing the device if it reaches end-of-life without a patch becoming available.


CVE-2025-45057 vulnerability details – vuln.today
