{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-52222", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-08T17:11:54.364Z", "dateReserved": "2025-06-16T00:00:00.000Z", "datePublished": "2026-04-08T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T17:11:54.364Z"}, "descriptions": [{"lang": "en", "value": "D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in the radius_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.dlink.com/en/security-bulletin/"}, {"url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in the radius_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request."}], "id": "CVE-2025-52222", "lastModified": "2026-04-08T21:26:13.410", "metrics": {}, "published": "2026-04-08T18:24:51.373", "references": [{"source": "cve@mitre.org", "url": "https://github.com/xiaotea/iot-vulnerability-collection/blob/main/README.md"}, {"source": "cve@mitre.org", "url": "https://www.dlink.com/en/security-bulletin/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{}

{"analysis": {"en": {"generated_at": "2026-04-08T19:05:36.255787+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware released by D\u2011Link that addresses the radius_asp buffer overflow.", "If an update is not yet available, isolate the device on a separate network segment or restrict access to the HTTP interface with firewall rules.", "Disable or restrict the RADIUS parameters (rd_en, rd_auth, etc.) if they are not needed for network operation.", "Monitor device logs for repeated or malformed requests to the radius_asp endpoint to detect abuse attempts."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected devices include D\u2011Link DI\u20118003, DI\u20118500, DI\u20118003G, DI\u20118200G, DI\u20118200, DI\u20118400, DI\u20118004w, DI\u20118100, and DI\u20118100G routers. The firmware versions listed are v16.07.26A1, v17.12.21A1, and v17.12.20A1.", "description_and_impact": "A buffer overflow flaw has been found in the radius_asp function of several D\u2011Link DI\u2011series routers. By supplying specially crafted values for the parameters rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, or rd_ip, an attacker can overflow a buffer and crash the web service, resulting in a loss of availability. The weakness is a classic buffer overrun governed by CWE\u2011119.", "risk_and_exploitability": "The vulnerability allows an attacker to cause a denial of service by sending a crafted HTTP request to the device\u2019s web interface. The description mentions the parameters explicitly, so it is inferred that the attack can be performed remotely from the network and no prior authentication is required. No CVSS or EPSS score is provided, but the nature of the flaw suggests a reasonable likelihood of successful exploitation for an attacker who can reach the device. The issue is not listed in the CISA KEV catalog."}}}}, "created": "2026-04-08T19:44:39.344156+00:00", "title": "Buffer Overflow in D\u2011Link DI\u2011Series Firmware Causes Denial of Service", "updated": "2026-04-08T19:44:39.344268+00:00", "vendors": [], "weaknesses": ["CWE-119"]}