A classic buffer overflow occurs in the radius_asp function when the router processes several parameters (rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip). Maliciously crafted values for these parameters overflow a buffer, causing the web management interface to crash and the device to become unresponsive. This flaw is identified as CWE‑120 and results in a loss of availability for users of the affected network.

The vulnerability affects a range of D‑Link consumer routers, including the DI‑8003, DI‑8500, DI‑8003G, DI‑8200, DI‑8200G, DI‑8400, DI‑8004w, DI‑8100, and DI‑8100G models. Firmware versions associated with the flaw are v16.07.26A1 for the DI‑8003, DI‑8500, DI‑8200, DI‑8400, DI‑8004w, and DI‑8100; v17.12.21A1 for the DI‑8003G; and v17.12.20A1 for the DI‑8200G and DI‑8100G. These devices are commonly used as home or small‑office routers and are often reachable from both internal and external networks.

The CVSS score of 7.5 reflects a moderate to high impact on availability, while an EPSS score of less than 1% indicates a low probability of widespread exploitation at present. The vulnerability requires remote network access, as the overflow is triggered when the router processes a request containing the vulnerable parameters. The protocol used is not explicitly stated in the advisory, but the mention of a crafted request strongly suggests an HTTP-based interaction; this inference is based on the description that the error occurs during the radius_asp function call. Because the flaw is not yet listed in the CISA KEV catalog, the immediate risk is primarily to environments that host vulnerable routers without sufficient network segmentation or monitoring.