A pair of vulnerabilities – one old, and one new – has been added to the United States Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog.
CVE-2022-37055 is a three-year-old buffer overflow vulnerability in D-Link Go-RT-AC750 routers, which is a sticky one, as the product has reached “end of life” (EoL) and is no longer supported by D-Link.
JavaScript is required for CAPTCHA verification to submit this form.
By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.
Create free account to get unlimited news articles and more!
JavaScript is required for CAPTCHA verification to submit this form.
If you check the box above before you log in, you won’t have to log back into the website next time you return, even if you close your browser and come back later.
If you check this box before you log in, you won’t have to log back into the website next time you return, even if you close your browser and come back later.
Keep me signed in on this device.
To continue reading the rest of this article, please log in.
You’re out of free articles for this month
The company’s own security announcement regarding the vulnerability outlined the dangers of using EoL network hardware, and with hackers now on the warpath, it makes for timely reading.
“D-Link strongly recommends that this pro
Source: https://www.cyberdaily.au/security/12986-cisa-warns-of-d-link-router-vulnerability-exploitation
D-Link cybersecurity rating report: https://www.rankiteo.com/company/dlink-corp
"id": "DLI1765260054",
"linkid": "dlink-corp",
"type": "Vulnerability",
"date": "1/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': None,
'industry': 'Networking Hardware',
'location': None,
'name': 'D-Link',
'size': None,
'type': 'Technology Manufacturer'}],
'attack_vector': 'Buffer Overflow',
'customer_advisories': 'D-Link recommends discontinuing use of '
'EoL Go-RT-AC750 routers due to security '
'risks.',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': None,
'type_of_data_compromised': None},
'description': 'A three-year-old buffer overflow vulnerability '
'(CVE-2022-37055) in D-Link Go-RT-AC750 routers '
"has been added to CISA's Known Exploited "
'Vulnerabilities (KEV) Catalog. The product has '
'reached end of life (EoL) and is no longer '
'supported by D-Link, making it a persistent '
'security risk.',
'impact': {'brand_reputation_impact': 'Potential negative impact '
'due to unsupported EoL '
'hardware',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': None,
'downtime': None,
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'D-Link Go-RT-AC750 routers'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'lessons_learned': 'Using end-of-life (EoL) network hardware '
'poses significant security risks due to lack '
'of vendor support and patches.',
'post_incident_analysis': {'corrective_actions': 'Replace EoL '
'devices with '
'supported '
'alternatives',
'root_causes': 'Use of unsupported '
'EoL hardware with '
'unpatched '
'vulnerabilities'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': 'Discontinue use of EoL hardware and replace '
"with supported devices. Monitor CISA's KEV "
'Catalog for active threats.',
'references': [{'date_accessed': None,
'source': 'CISA Known Exploited Vulnerabilities '
'(KEV) Catalog',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Added to '
"CISA's "
'Known '
'Exploited '
'Vulnerabilities '
'(KEV) '
'Catalog'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': 'D-Link strongly recommends '
'discontinuing use of EoL '
'hardware',
'third_party_assistance': None},
'title': 'Exploitation of CVE-2022-37055 in D-Link Go-RT-AC750 '
'Routers',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'CVE-2022-37055'}