CVE-2020-9377 D-Link CVE debrief

Who should care

Organizations that still have D-Link DIR-610 devices on the network, especially asset owners, network administrators, security teams, and incident responders responsible for end-of-life infrastructure.

Technical summary

The available official metadata identifies the vulnerability as remote command execution affecting D-Link DIR-610 devices. CISA’s KEV record marks it as a known exploited vulnerability and notes that the product is end-of-life. Because the device is no longer supported, CISA’s required action is to disconnect it if it remains in service.

Defensive priority

Urgent / highest priority. End-of-life devices listed in the KEV catalog should be treated as immediate removal or isolation candidates.

Recommended defensive actions

• Inventory the environment for any D-Link DIR-610 devices.
• If any are found, disconnect them from the network per CISA guidance.
• Replace the device with a supported product rather than relying on patching.
• Review whether the device had any exposed management or routing functions and rotate or retire any dependent credentials and configurations.
• Document remediation and confirm the device is no longer reachable on production or internet-facing networks.

Evidence notes

Source item metadata identifies vendor D-Link, product DIR-610 Devices, and vulnerability name as remote command execution. The CISA KEV record includes dateAdded 2022-03-25, dueDate 2022-04-15, knownRansomwareCampaignUse as Unknown, and the required action: "The impacted product is end-of-life and should be disconnected if still in use."

Official resources