Description
D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the jingx_asp function triggered by the fx parameter. A crafted input can cause the buffer to overrun, leading the device to crash and restart, which results in loss of availability for connected users. The weakness is CWE-120.

Affected Systems

D-Link DI-8300 routers running firmware version 16.07.26A1 are affected. The flaw is confined to the device’s internal updater or web management subsystem.

Risk and Exploitability

The CVSS v3 score of 7.5 indicates a high severity, while an EPSS score of less than 1% suggests a low probability of widespread exploitation. The vulnerability is not listed in CISA’s KEV catalog. The likely attack path involves remote delivery of an oversized fx parameter to the flashing or management interface, but this is inferred from the wording of the description, as the exact input channel is not explicitly stated.

Generated by OpenCVE AI on April 10, 2026 at 22:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from D-Link that removes or fixes the vulnerable function.
  • If an update is not immediately available, disable the device’s web management interface or isolate it from external networks to reduce exposure.
  • After applying a patch or mitigation, verify that the device no longer reboots when the fx parameter is sent to it, and monitor logs for abnormal activity.



Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Stack-Based Buffer Overflow in D-Link DI-8300 Causes Denial of Service

Fri, 10 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Dlink di-8300 Firmware
CPEs cpe:2.3:h:dlink:di-8300:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:di-8300_firmware:16.07.26a1:*:*:*:*:*:*:*
Vendors & Products Dlink di-8300 Firmware

Fri, 10 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8300 Web Interface Causes Denial of Service

Fri, 10 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 09 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in D‑Link DI‑8300 Web Interface Causes Denial of Service
Weaknesses CWE-120

Wed, 08 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink di-8300
Vendors & Products Dlink
Dlink di-8300

Wed, 08 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Description D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-09T20:51:48.190Z

Reserved: 2025-04-22T00:00:00.000Z

Link: CVE-2025-45058

Vulnrichment

Updated: 2026-04-09T20:51:44.466Z

NVD

Status: Analyzed

Published: 2026-04-08T18:24:45.723

Modified: 2026-04-10T21:15:34.363

Link: CVE-2025-45058

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T14:26:10Z

Weaknesses