Active Exploitation of Critical Vulnerabilities in D-Link Routers

Published on 09 Sep 2022

Updated on 13 Sep 2022

There have been reports of active exploitation of two critical vulnerabilities found in D-Link routers.

The critical vulnerabilities are:

  • CVE-2022-28958 - A vulnerability in the "Value" parameter of the sharepoint.php file of D-Link DIR816L routers with firmware version 206b01.
  • CVE-2022-26258 - A vulnerability in the "Device Name" parameter of the /lan.asp file of D-Link DIR-820L routers with firmware version 1.05B03.

Successful exploitation of the vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code.

Administrators and users of the affected products are advised to disconnect them and upgrade to newer routers as both products have reached end-of-life. In the meantime, remote access to the admin panel should be disabled.

More information is available here:

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10302

https://nvd.nist.gov/vuln/detail/CVE-2022-28958#vulnCurrentDescriptionTitle

https://nvd.nist.gov/vuln/detail/CVE-2022-26258#vulnCurrentDescriptionTitle