Description
D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the fn parameter handling of the tgfile_htm function in D‑Link DI‑8300 firmware version 16.07.26A1. An attacker can send a specially crafted input that exceeds the buffer size, causing the router to crash and become inaccessible. The impact is a denial of service; the flaw does not appear to allow code execution or data disclosure.

Affected Systems

The affected device is the D‑Link DI‑8300 router running firmware version 16.07.26A1. No other affected versions are listed in the data; however, the issue may exist in similar firmware revisions.

Risk and Exploitability

No CVSS score or EPSS data are available, but the buffer overflow provides a remote entry point that an attacker could exploit to bring the device down. The risk is elevated for environments that rely on the router for network connectivity, and the lack of a patch in the provided references suggests immediate action is required.

Generated by OpenCVE AI on April 8, 2026 at 18:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest firmware release from the D‑Link website.
  • If an update is unavailable, disable remote management services that expose the tgfile_htm endpoint.
  • Restart the router after applying updates or configuration changes.
  • Monitor network traffic for unusual requests targeting the DI‑8300 firmware.
  • Report the vulnerability to D‑Link security team if you observe exploitation attempts.

Generated by OpenCVE AI on April 8, 2026 at 18:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Buffer Overflow in D-Link DI-8300 Firmware
Weaknesses CWE-119

Wed, 08 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink di-8300
Vendors & Products Dlink
Dlink di-8300

Wed, 08 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Description D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
References

Subscriptions

Dlink Di-8300
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-08T17:06:24.268Z

Reserved: 2025-04-22T00:00:00.000Z

Link: CVE-2025-45059

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T18:24:45.840

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-45059

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:44:41Z

Weaknesses