Severity
High
Analysis Summary
A critical buffer overflow vulnerability, CVE-2022-37055, affecting multiple D-Link routers, has been officially added to the CISA Known Exploited Vulnerabilities (KEV) Catalog, confirming active real-world exploitation. The flaw results from improper memory handling (CWE-120: Buffer Copy Without Checking Input Size), enabling unauthenticated attackers to trigger a buffer overflow over the network. With a CVSS score of (Critical), the vulnerability allows arbitrary code execution with full device-level privileges, giving adversaries complete control over network traffic and undermining confidentiality, integrity, and availability.
A major concern highlighted by CISA is that many of the affected routers have already reached End-of-Life (EoL) or End-of-Service (EoS) status. These legacy devices no longer receive vendor security patches, leaving organizations with limited remediation options and exposing persistent gaps inside corporate environments. Attackers are exploiting this weakness to gain persistent access to network infrastructure, establish footholds on compromised devices, and move laterally across enterprise networks. The ease of exploitation further increases the likelihood of widespread attacks, especially in environments where outdated D-Link routers remain deployed.
CISA issued the advisory on December 8, 2025, setting a mandatory remediation deadline of December 29, 2025, urging organizations to take immediate action. Where patches exist, they must be applied without delay. For routers with no available fixes due to EoL status, CISA strongly recommends discontinuing the use of vulnerable equipment. During the transition period, organizations must implement enhanced monitoring, strict access restrictions, and network segmentation to reduce the impact of attempted or successful exploitation.
To mitigate risk, administrators should conduct an immediate inventory audit to identify all D-Link routers within their infrastructure, confirm support status, and prioritize replacement for unsupported models. Strengthening firewall configurations, restricting administrative access, and monitoring for unusual device behavior are essential temporary defenses. Enterprises must also review segmentation policies to reduce lateral movement opportunities, follow CISA’s BOD 22-01 cloud-related guidance, and assess exposure in critical infrastructure environments. Organizations unable to apply patches should accelerate device replacement timelines while deploying strict monitoring to safeguard their networks.
Impact
- Buffer Overflow
- Code Execution
- Gain Access
Indicators of Compromise
CVE
CVE-2022-37055
Affected Vendors
Remediation
- Apply all vendor-released patches for supported D-Link routers immediately.
- Discontinue the use of End-of-Life (EoL) / End-of-Service (EoS) D-Link devices with no available security updates.
- Conduct a full inventory audit to identify all D-Link routers in the environment and document their support status.
- Implement strict firewall rules to restrict administrative access to the routers from trusted internal networks only.
- Enforce network segmentation to limit lateral movement if an attacker compromises a vulnerable router.
- Enable continuous monitoring for unusual device behavior, unauthorized configuration changes, or unexpected outbound traffic.
- Block internet exposure of router management interfaces and disable remote management features unless strictly necessary.
- Replace vulnerable routers with modern, supported, and security-hardened equipment as soon as possible.
- Apply additional safeguards such as strong credentials, disabling unused services, and enforcing least-privilege access.
- Follow CISA’s BOD 22-01 guidance for cloud or hybrid deployments to ensure compliant risk management.