CVE-2025-52222
Received Received - Intake
Buffer Overflow in D-Link Radius Function Causes DoS

Publication date: 2026-04-08

Last updated on: 2026-04-14

Assigner: MITRE

Description
D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in the radius_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-52222
EUVD
EUVD-2025-209315
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
dlink di-8100_firmware 16.07.26a1
dlink di-8100g_firmware 17.12.20a1
dlink di-8004w_firmware 16.07.26a1
dlink di-8003g_firmware 17.12.21a1
dlink di-8003_firmware 16.07.26a1
dlink di-8500_firmware 16.07.26a1
dlink di-8200g_firmware 17.12.20a1
dlink di-8200_firmware 16.07.26a1
dlink di-8400_firmware 16.07.26a1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in several D-Link devices, including models DI-8003, DI-8500, DI-8003G, DI-8200G, DI-8200, DI-8400, DI-8004w, DI-8100, and DI-8100G. It is caused by a buffer overflow in the radius_asp function when processing certain parameters such as rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip.

An attacker can exploit this buffer overflow by sending a specially crafted request to the affected device.

Impact Analysis

Exploitation of this vulnerability can cause a Denial of Service (DoS) condition on the affected D-Link devices.

This means that an attacker could make the device unavailable or unresponsive by sending a crafted request that triggers the buffer overflow.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-52222. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart