D-Link CVE-2025-45058

EUVD-2025-209310 HIGH
Classic Buffer Overflow (CWE-120)
2026-04-08 mitre GHSA-9hfh-f4vw-87qr
CVSS 3.1: 7.5

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Apr 08, 2026 - 18:16 (euvd), EUVD-2025-209310
Analysis Generated: Apr 08, 2026 - 18:16 (vuln.today)
CVE Published: Apr 08, 2026 - 00:00 (nvd), HIGH 7.5

Description (NVD)

D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Analysis (AI)

A buffer overflow in D-Link DI-8300 router firmware v16.07.26A1 lets unauthenticated remote attackers trigger a denial-of-service condition by sending malformed fx parameter input to the jingx_asp function. Exploitation is possible over the network and requires no authentication or user interaction (CVSS AV:N/PR:N/UI:N). The impact is limited to availability; confidentiality and integrity are not affected. No public exploit was identified at the time of analysis. An EPSS score of 0.02% indicates a low predicted likelihood of exploitation.

Technical Context (AI)

This is a classic buffer overflow (CWE-120): the jingx_asp function handler fails to validate the length of the fx parameter before performing memory operations. Copying the unchecked input enables stack/heap corruption, which crashes the process. The AC:L component of the CVSS vector indicates low attack complexity against a network-exposed management interface on an embedded device.
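The length check that CWE-120 code omits, shown as an added example; it is not D-Link firmware code, which this page does not include. The buffer size FX_MAX, the query-string format and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FX_MAX 32 /* assumed buffer size; the firmware's real value is not on the page */

/* CWE-120 pattern, for contrast only (never called): copy with no length check. */
void copy_fx_unchecked(const char *value, char out[FX_MAX])
{
    strcpy(out, value); /* writes past out[] when strlen(value) >= FX_MAX */
}

/* Find "name=" at a parameter boundary; return the value and store its length. */
static const char *find_param(const char *query, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = query;
    while (p != NULL && *p != '\0') {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            *len = strcspn(p + nlen + 1, "&");
            return p + nlen + 1;
        }
        p = strchr(p, '&');
        if (p != NULL)
            p++;
    }
    return NULL;
}

/* Hardened copy: measure first, reject overlong input, then copy.
 * Returns 0 on success, -1 if fx is absent, -2 if it does not fit. */
int copy_fx_checked(const char *query, char out[FX_MAX])
{
    size_t len;
    const char *v = find_param(query, "fx", &len);
    if (v == NULL)
        return -1;
    if (len >= FX_MAX) /* keep one byte for the terminator */
        return -2;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[FX_MAX];
    /* Constructed sample query strings, not captured traffic. */
    printf("%d\n", copy_fx_checked("a=1&fx=on", buf));
    printf("%d\n", copy_fx_checked("fx=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", buf));
    return 0;
}
```

Rejecting overlong input rather than silently truncating it lets the handler return an error and log the request, which also gives defenders a signal to alert on.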

Remediation (AI)

No vendor-released patch was identified at the time of analysis. D-Link has not published firmware updates addressing CVE-2025-45058 per its security bulletin at https://www.dlink.com/en/security-bulletin/.

Immediate mitigations:
(1) Disable remote access to the management interface, restricting administrative functions to trusted internal networks only.
(2) Implement strict firewall rules blocking external access to the web management ports (typically TCP 80/443).
(3) Deploy network segmentation to isolate affected devices from untrusted zones.
(4) Monitor D-Link security advisories for forthcoming patches.

Organizations unable to implement network controls should consider replacing the hardware with actively supported alternatives. Verify the product's support status at https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-8300, as legacy devices may receive limited security maintenance.
