Known Exploited Vulnerabilities (KEV)

CISA Catalog

Known Exploited Vulnerabilities

· Live CISA DataCISA KEV catalog — vulnerabilities with active exploitation requiring federal remediation

Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.

KEV Entries

1,619

Ransomware Use

327

Overdue

1,615

Vendors

266

Products

655

26 results · Page 1/2

CVE-2025-29635Overdue

Due: 2026-05-08
Added: 2026-04-24

D-Link DIR-823X Command Injection Vulnerability

D-Link · DIR-823X

D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2022-37055Overdue

Due: 2025-12-29
Added: 2025-12-08

D-Link Routers Buffer Overflow Vulnerability

D-Link · Routers

D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Required Action

1 / 2

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2020-25078Overdue

Due: 2025-08-26
Added: 2025-08-05

D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability

D-Link · DCS-2530L and DCS-2670L Devices

D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2020-25079Overdue

Due: 2025-08-26
Added: 2025-08-05

D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability

D-Link · DCS-2530L and DCS-2670L Devices

D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2022-40799Overdue

Due: 2025-08-26
Added: 2025-08-05

D-Link DNR-322L Download of Code Without Integrity Check Vulnerability

D-Link · DNR-322L

D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2024-0769Overdue

Due: 2025-07-16
Added: 2025-06-25

D-Link DIR-859 Router Path Traversal Vulnerability

D-Link · DIR-859 Router

D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling privilege escalation and unauthorized control of the device. This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2023-25280Overdue

Due: 2024-10-21
Added: 2024-09-30

D-Link DIR-820 Router OS Command Injection Vulnerability

D-Link · DIR-820 Router

D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.

Required Action

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

CVE-2021-40655Overdue

Due: 2024-06-06
Added: 2024-05-16

D-Link DIR-605 Router Information Disclosure Vulnerability

D-Link · DIR-605 Router

D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page.

Required Action

This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

CVE-2014-100005Overdue

Due: 2024-06-06
Added: 2024-05-16

D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability

D-Link · DIR-600 Router

D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session.

Required Action

CVE-2024-3273Overdue

Due: 2024-05-02
Added: 2024-04-11

D-Link Multiple NAS Devices Command Injection Vulnerability

D-Link · Multiple NAS Devices

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.

Required Action

CVE-2024-3272Overdue

Due: 2024-05-02
Added: 2024-04-11

D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability

D-Link · Multiple NAS Devices

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution.

Required Action

CVE-2016-20017Overdue

Due: 2024-01-29
Added: 2024-01-08

D-Link DSL-2750B Devices Command Injection Vulnerability

D-Link · DSL-2750B Devices

D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2019-17621Overdue

Due: 2023-07-20
Added: 2023-06-29

D-Link DIR-859 Router Command Execution Vulnerability

D-Link · DIR-859 Router

D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

Required Action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

CVE-2019-20500Overdue

Due: 2023-07-20
Added: 2023-06-29

D-Link DWL-2600AP Access Point Command Injection Vulnerability

D-Link · DWL-2600AP Access Point

D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.

Required Action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

CVE-2022-26258Overdue

Due: 2022-09-29
Added: 2022-09-08

D-Link DIR-820L Remote Code Execution Vulnerability

D-Link · DIR-820L

D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution.

Required Action

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2018-6530RansomwareOverdue

Due: 2022-09-29
Added: 2022-09-08

D-Link Multiple Routers OS Command Injection Vulnerability

D-Link · Multiple Routers

Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands.

Required Action

The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use.

CVE-2011-4723Overdue

Due: 2022-09-29
Added: 2022-09-08

D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability

D-Link · DIR-300 Router

The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.

Required Action

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2019-16057RansomwareOverdue

Due: 2022-05-06
Added: 2022-04-15

D-Link DNS-320 Remote Code Execution Vulnerability

D-Link · DNS-320 Storage Device

The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

Required Action

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2021-45382Overdue

Due: 2022-04-25
Added: 2022-04-04

D-Link Multiple Routers Remote Code Execution Vulnerability

D-Link · Multiple Routers

A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.

Required Action

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2020-9377Overdue

Due: 2022-04-15
Added: 2022-03-25

D-Link DIR-610 Devices Remote Command Execution

D-Link · DIR-610 Devices

D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.

Required Action

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2019-16920Overdue

Due: 2022-04-15
Added: 2022-03-25

D-Link Multiple Routers Command Injection Vulnerability

D-Link · Multiple Routers

Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.

Required Action

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2016-11021Overdue

Due: 2022-04-15
Added: 2022-03-25

D-Link DCS-930L Devices OS Command Injection Vulnerability

D-Link · DCS-930L Devices

setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.

Required Action

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2013-5223Overdue

Due: 2022-04-15
Added: 2022-03-25

D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability

D-Link · DSL-2760U

A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.

Required Action

Apply updates per vendor instructions.

CVE-2015-2051Overdue

Due: 2022-08-10
Added: 2022-02-10

D-Link DIR-645 Router Remote Code Execution Vulnerability

D-Link · DIR-645 Router

D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

Required Action

The impacted product is end-of-life and should be disconnected if still in use.

CVE-2020-29557Overdue

Due: 2022-05-03
Added: 2021-11-03

D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability

D-Link · DIR-825 R1 Devices

D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.

Required Action

Apply updates per vendor instructions.