{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-45058", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-08T17:05:50.662Z", "dateReserved": "2025-04-22T00:00:00.000Z", "datePublished": "2026-04-08T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T17:05:50.662Z"}, "descriptions": [{"lang": "en", "value": "D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.dlink.com/en/security-bulletin/"}, {"url": "https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-8300"}, {"url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."}], "id": "CVE-2025-45058", "lastModified": "2026-04-08T21:26:13.410", "metrics": {}, "published": "2026-04-08T18:24:45.723", "references": [{"source": "cve@mitre.org", "url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}, {"source": "cve@mitre.org", "url": "https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-8300"}, {"source": "cve@mitre.org", "url": "https://www.dlink.com/en/security-bulletin/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.07.26A1"}}], "enrichment": {"confidence": 85.0, "confidence_source": "inferred", "scores": [{"score": 85.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "di-8300", "vendor": "dlink"}], "analysis": {"en": {"generated_at": "2026-04-08T19:39:31.092924+00:00", "value": {"mitigation_remediation": ["Check D-Link\u2019s security bulletin and product page for firmware updates that address this issue.", "Download the latest firmware from the official source, verify its checksum, and install it on the affected device.", "Reset the router to factory defaults after updating and confirm the web interface is functioning normally.", "If no updated firmware is available, disable the device\u2019s web management interface or restrict it to a trusted local network subnet.", "Maintain current backups of configuration settings before applying firmware changes.", "Continuously monitor network traffic for repeated DoS attempts to detect possible exploitation."], "summary": {"action": "Apply Update", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Only the D-Link DI-8300 model running firmware version v16.07.26A1 is known to contain this vulnerability. No other D-Link models or firmware releases are mentioned in the advisory.", "description_and_impact": "A buffer overflow occurs in the D-Link DI-8300 firmware (v16.07.26A1) within the jingx_asp function when parsing the fx parameter supplied via the web interface. Sending an oversized or malformed value can corrupt memory, causing the device to crash and stop responding. The result is a loss of availability for the network appliance, potentially disrupting all services that rely on the router.", "risk_and_exploitability": "No public exploits or zero-day reports are documented, and the vulnerability is not listed in the KEV catalog. The EPSS score is unavailable, so the exact likelihood of exploitation is uncertain. However, because the flaw can be triggered remotely via the web interface, an attacker who gains network access could evade monitoring and cause a denial of service. The high impact on availability makes it a priority to remediate when a patch becomes available."}}}}, "created": "2026-04-08T19:33:44.451265+00:00", "title": "Buffer Overflow in D\u2011Link DI\u20118300 Web Interface Causes Denial of Service", "updated": "2026-04-08T19:44:42.786295+00:00", "vendors": ["dlink", "dlink$PRODUCT$di-8300"], "weaknesses": ["CWE-120"]}