{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-45059", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-10T15:42:43.981Z", "dateReserved": "2025-04-22T00:00:00.000Z", "datePublished": "2026-04-08T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T17:06:24.268Z"}, "descriptions": [{"lang": "en", "value": "D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.dlink.com/en/security-bulletin/"}, {"url": "https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-8300"}, {"url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T13:07:49.372423Z", "id": "CVE-2025-45059", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T15:42:43.981Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-45059", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T13:07:49.372423Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T13:08:08.027Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.dlink.com/en/security-bulletin/"}, {"url": "https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-8300"}, {"url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}], "descriptions": [{"lang": "en", "value": "D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T17:06:24.268Z"}}}, "cveMetadata": {"cveId": "CVE-2025-45059", "state": "PUBLISHED", "dateUpdated": "2026-04-10T15:42:43.981Z", "dateReserved": "2025-04-22T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-08T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:di-8300_firmware:16.07.26a1:*:*:*:*:*:*:*", "matchCriteriaId": "703A6A50-00DA-482E-925C-01463CE0CF64", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:di-8300:-:*:*:*:*:*:*:*", "matchCriteriaId": "037DA05B-D471-42A3-B7EE-E341C716D7CB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."}], "id": "CVE-2025-45059", "lastModified": "2026-04-10T21:15:23.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-08T18:24:45.840", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-8300"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.dlink.com/en/security-bulletin/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[v16.07.26A1,v16.07.26A1]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "di-8300", "vendor": "dlink"}], "analysis": {"en": {"generated_at": "2026-04-13T15:29:55.732606+00:00", "value": {"mitigation_remediation": ["Update the device firmware to a version that contains the patch for the tgfile_htm buffer overflow.", "Restrict access to the device\u2019s management web interface to trusted networks or VPN only to reduce exposure to unauthenticated attackers.", "Monitor the device for repeated crashes or reboots that could indicate a DoS attempt and investigate accordingly.", "If an update is not available, isolate the device from the internet or block HTTP traffic to the tgfile_htm endpoint to prevent exploitation."], "summary": {"action": "Apply Firmware Update", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected vendor is D-Link, model DI\u20118300, firmware build 16.07.26A1. No other versions or models are listed. The vulnerability is limited to this specific device build.", "description_and_impact": "The DI\u20118300 firmware version 16.07.26A1 contains a classic buffer overflow in the tgfile_htm function, triggered by an overflow of the fn parameter. The overflow can crash the web management process, resulting in a loss of availability. This exposed weakness is a classic example of CWE\u2011120. While the vulnerability does not directly expose data or allow code execution, it can be used by attackers to render the device unusable, disrupting services that depend on it.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high impact severity, and the EPSS score of less than 1% suggests that current exploitation activity is low. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote access to the device\u2019s web interface, but the description does not specify authentication requirements. Because it is a Denial\u2011of\u2011Service flaw, the risk is primarily to availability and can be mitigated by keeping the device offline or limiting its exposure."}}}}, "created": "2026-04-08T19:33:43.278248+00:00", "title": "D-Link DI-8300 Buffer Overflow Causing DoS", "updated": "2026-04-14T16:40:46.340670+00:00", "vendors": ["dlink", "dlink$PRODUCT$di-8300"]}