CISA Warns of D-Link Routers Buffer Overflow Vulnerability Exploited in Attacks

A critical buffer overflow vulnerability affecting D-Link routers has been added to the CISA catalog of Known Exploited Vulnerabilities, indicating active exploitation in the wild.

The flaw, tracked as CVE-2022-37055, poses severe risks to organizations and enterprise networks relying on affected D-Link networking equipment.

The vulnerability stems from improper memory management in D-Link routers, allowing unauthenticated attackers to trigger a buffer overflow condition.

Field	Details
CVE ID	CVE-2022-37055
Vulnerability Type	Buffer Overflow
Affected Product	D-Link Routers
CVSS v3.1 Score	9.8(Critical)
Attack Vector	Network
CWE Classification	CWE-120: Buffer Copy without Checking Size of Input
Product Status	End-of-Life (EoL) / End-of-Service (EoS)

Buffer Overflow Flaw Under Active Attack

Successful exploitation enables adversaries to execute arbitrary code with device-level privileges. Granting complete control over network traffic, system integrity, and data confidentiality.

The vulnerability carries a high CVSS rating and critically impacts all three pillars of the CIA triad: confidentiality, integrity, and availability.

A particularly troubling aspect of this advisory involves D-Link products that have reached end-of-life (EoL) or end-of-service (EoS) status.

Many affected routers no longer receive vendor security updates, leaving organizations with limited remediation options. Legacy D-Link networking devices deployed across enterprise environments present persistent security gaps.

Attackers actively exploit to establish persistent network access and launch lateral movement campaigns.

CISA issued the advisory on December 8, 2025, with a mandatory remediation deadline of December 29, 2025. Organizations must act quickly to address this threat.

The agency recommends applying vendor-supplied patches immediately where available. For organizations running end-of-support D-Link equipment without available mitigations, discontinuing use of the equipment is the most viable security posture.

The vulnerability relates to CWE-120 (Buffer Copy without Checking Size of Input), a well-documented memory safety flaw frequently exploited in network device attacks.

Threat intelligence indicates that exploitation techniques are likely relatively straightforward. Increasing the probability of widespread attack campaigns targeting exposed D-Link routers across internet-facing networks and less-secure corporate environments.

Network administrators should prioritize inventory audits to identify all D-Link routers within their infrastructure, document their support status, and implement appropriate remediation strategies.

Organizations must also review network segmentation controls to minimize lateral movement risks in the event of exploitation.

Firewall rules limiting administrative access to routers and network monitoring for suspicious device behavior provide additional defensive layers during the remediation window.

Enterprises should follow applicable CISA Binding Operational Directive 22-01 guidance for cloud service deployments and assess whether affected equipment operates in critical infrastructure environments.

Those unable to apply patches or discontinue vulnerable products should implement enhanced monitoring and access restrictions while developing equipment replacement timelines.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post CISA Warns of D-Link Routers Buffer Overflow Vulnerability Exploited in Attacks appeared first on Cyber Security News.