📄 Description (English)
D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in the radius_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
🤖 AI Executive Summary
D-Link DI-8000 series industrial routers contain a critical buffer overflow vulnerability in the RADIUS authentication function affecting multiple firmware versions. The vulnerability allows remote attackers to trigger Denial of Service conditions through crafted requests to the radius_asp function parameters. No patch is currently available, requiring immediate compensating controls for affected Saudi organizations.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 2, 2026 06:01
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi telecommunications infrastructure (STC, Mobily), government networks (NCA, CITC), and critical infrastructure operators using D-Link DI-8000 series routers for RADIUS-based authentication. Banking sector (SAMA-regulated institutions) and healthcare organizations relying on these devices for network access control face service disruption risks. Energy sector (ARAMCO, SEC) and water utilities using these industrial routers are particularly vulnerable to DoS attacks that could impact operational technology networks.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Government (NCA, CITC, Ministry of Interior)
Banking (SAMA-regulated institutions)
Healthcare (MOH, private hospitals)
Energy (ARAMCO, SEC)
Water and Wastewater Utilities
Critical Infrastructure Operators
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory all D-Link DI-8000 series devices (DI-8003, DI-8003G, DI-8004w, DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8400, DI-8500) in your network
2. Isolate affected devices from untrusted networks or implement network segmentation
3. Disable RADIUS authentication if not critical; use alternative authentication methods
4. Implement strict access controls to the radius_asp function parameters
COMPENSATING CONTROLS:
5. Deploy Web Application Firewall (WAF) rules to block requests containing suspicious rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, rd_ip parameters with excessive length
6. Implement rate limiting on RADIUS authentication requests
7. Monitor for abnormal RADIUS traffic patterns and connection attempts
8. Enable detailed logging of all RADIUS authentication attempts
9. Place affected routers behind a reverse proxy with input validation
DETECTION RULES:
10. Alert on HTTP requests to radius_asp with parameter values exceeding 256 bytes
11. Monitor for repeated failed RADIUS authentication attempts from single source
12. Track device CPU and memory utilization spikes correlating with RADIUS requests
13. Log all configuration changes to RADIUS settings
PATCHING:
14. Contact D-Link support for firmware updates when available
15. Prepare upgrade plan for firmware versions beyond 16.07.26A1 and 17.12.21A1
16. Test patches in isolated lab environment before production deployment
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. قم بحصر جميع أجهزة سلسلة D-Link DI-8000 (DI-8003, DI-8003G, DI-8004w, DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8400, DI-8500) في شبكتك
2. عزل الأجهزة المتأثرة عن الشبكات غير الموثوقة أو تطبيق تقسيم الشبكة
3. تعطيل مصادقة RADIUS إذا لم تكن حرجة؛ استخدم طرق مصادقة بديلة
4. تطبيق ضوابط وصول صارمة لمعاملات وظيفة radius_asp
الضوابط التعويضية:
5. نشر قواعد جدار حماية تطبيقات الويب (WAF) لحجب الطلبات التي تحتوي على معاملات مريبة بطول مفرط
6. تطبيق تحديد معدل على طلبات مصادقة RADIUS
7. مراقبة أنماط حركة RADIUS غير الطبيعية ومحاولات الاتصال
8. تفعيل تسجيل مفصل لجميع محاولات مصادقة RADIUS
9. وضع أجهزة التوجيه المتأثرة خلف وكيل عكسي مع التحقق من صحة الإدخال
قواعد الكشف:
10. تنبيه على طلبات HTTP إلى radius_asp بقيم معاملات تتجاوز 256 بايت
11. مراقبة محاولات مصادقة RADIUS الفاشلة المتكررة من مصدر واحد
12. تتبع ارتفاعات استخدام وحدة المعالجة المركزية والذاكرة المرتبطة بطلبات RADIUS
13. تسجيل جميع التغييرات في إعدادات RADIUS
التصحيح:
14. اتصل بدعم D-Link للحصول على تحديثات البرامج الثابتة عند توفرها
15. تحضير خطة ترقية لإصدارات البرامج الثابتة الأحدث من 16.07.26A1 و 17.12.21A1
16. اختبر التصحيحات في بيئة معملية معزولة قبل نشرها في الإنتاج
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.12.2.1 - Change management procedures
ECC 2024 A.14.2.1 - Secure development policy
ECC 2024 A.8.1.3 - Segregation of duties
🔵 SAMA CSF
ID.RA-1 - Asset management and vulnerability identification
PR.IP-12 - Security patch management
DE.CM-8 - Vulnerability scans
RS.MI-2 - Incident mitigation procedures
🟡 ISO 27001:2022
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Secure development policy
A.12.2.1 - Change management
A.8.1.3 - Segregation of duties
🟣 PCI DSS v4.0.1
Requirement 6.2 - Security patches and updates
Requirement 11.2 - Vulnerability scanning
📦 Affected Products / CPE 9 entries
dlink:di-8100_firmware:16.07.26a1
dlink:di-8100g_firmware:17.12.20a1
dlink:di-8004w_firmware:16.07.26a1
dlink:di-8003g_firmware:17.12.21a1
dlink:di-8003_firmware:16.07.26a1
dlink:di-8500_firmware:16.07.26a1
dlink:di-8200g_firmware:17.12.20a1
dlink:di-8200_firmware:16.07.26a1
dlink:di-8400_firmware:16.07.26a1