EUVD-2025-209309

CVE-2025-45057 (HIGH, CVSS 3.1: 7.5)
2026-04-08 mitre GHSA-w6cx-r2cm-p462

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 08, 2026 - 18:16 (vuln.today)
EUVD ID Assigned: Apr 08, 2026 - 18:16 (euvd), EUVD-2025-209309
CVE Published: Apr 08, 2026 - 00:00 (nvd), HIGH 7.5

Description

D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Analysis

A buffer overflow in the ip_position_asp function of D-Link DI-8300 router firmware v16.07.26A1 lets unauthenticated remote attackers trigger a denial of service by sending crafted input in the ip parameter. The vulnerability is reachable over the network and requires no user interaction. No public exploit was identified at time of analysis. The CVSS score of 7.5 (High) reflects an unauthenticated network attack vector with complete availability impact.

Technical Context

The ip_position_asp function contains a stack-based buffer overflow (CWE-120): it does not validate the length of the ip parameter. Firmware v16.07.26A1 is affected. The flaw is exploitable remotely without authentication (CVSS PR:N, AV:N). The overflow triggers a crash (DoS), but memory corruption leading to code execution has not been confirmed.

Affected Products

D-Link DI-8300 industrial router, firmware version 16.07.26A1. Vendor: D-Link Corporation. CPE data incomplete in source records.

Remediation

No vendor-released patch was identified at time of analysis. According to the security bulletin at https://www.dlink.com/en/security-bulletin/, D-Link has not published a patched firmware version. Recommended immediate actions: restrict network access to the DI-8300 management interface with firewall rules that limit source IP ranges to trusted administrative networks only; disable remote management features if they are not operationally required; and implement network segmentation to isolate affected devices. Monitor the D-Link security bulletin and the product page https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-8300 for future firmware updates. Consider replacing the device if it reaches end-of-life without a patch becoming available.

Priority Score

38 (KEV: 0, EPSS: +0.0, CVSS: +38, POC: 0)
