7.5
CVE-2025-52222
- EPSS 0.02%
- Published 08.04.2026 00:00:00
- Last modified 14.04.2026 15:45:21
- Source cve@mitre.org
D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1, DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in the radius_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Data provided by the National Vulnerability Database (NVD)
Dlink ≫ Di-8100 Firmware Version 16.07.26a1
Dlink ≫ Di-8100g Firmware Version 17.12.20a1
Dlink ≫ Di-8004w Firmware Version 16.07.26a1
Dlink ≫ Di-8003g Firmware Version 17.12.21a1
Dlink ≫ Di-8003 Firmware Version 16.07.26a1
Dlink ≫ Di-8500 Firmware Version 16.07.26a1
Dlink ≫ Di-8200g Firmware Version 17.12.20a1
Dlink ≫ Di-8200 Firmware Version 16.07.26a1
Dlink ≫ Di-8400 Firmware Version 16.07.26a1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.064 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.