CVE-2025-52222

Published: Apr 8, 2026Modified: Apr 14, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in the radius_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Affected (9)

Products: Dlink: Di 8100 Firmware, Di 8100g Firmware, Di 8004w Firmware, Di 8003g Firmware, Di 8003 Firmware, Di 8500 Firmware, Di 8200g Firmware, Di 8200 Firmware, Di 8400 Firmware

9 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Di 8100 Firmware	Version 16.07.26a1

Running on/with	Platform Versions
Dlink Di 8100	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Di 8100g Firmware	Version 17.12.20a1

Running on/with	Platform Versions
Dlink Di 8100g	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Di 8004w Firmware	Version 16.07.26a1

Running on/with	Platform Versions
Dlink Di 8004w	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Di 8003g Firmware	Version 17.12.21a1

Running on/with	Platform Versions
Dlink Di 8003g	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Di 8003 Firmware	Version 16.07.26a1

Running on/with	Platform Versions
Dlink Di 8003	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Di 8500 Firmware	Version 16.07.26a1

Running on/with	Platform Versions
Dlink Di 8500	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Di 8200g Firmware	Version 17.12.20a1

Running on/with	Platform Versions
Dlink Di 8200g	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Di 8200 Firmware	Version 16.07.26a1

Running on/with	Platform Versions
Dlink Di 8200	Version a1

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Di 8400 Firmware	Version 16.07.26a1

Running on/with	Platform Versions
Dlink Di 8400	Version a1

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md

Source: cve@mitre.org

Third Party Advisory

https://www.dlink.com/en/security-bulletin/

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.