PatchSiren cyber security CVE debrief
CVE-2022-26258 D-Link CVE debrief
CVE-2022-26258 is a remote code execution vulnerability affecting the D-Link DIR-820L. CISA has added it to the Known Exploited Vulnerabilities catalog, and the KEV entry says the impacted product is end-of-life and should be disconnected if still in use.
- Vendor: D-Link
- Product: DIR-820L
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2022-09-08
- Original CVE updated: 2022-09-08
- Advisory published: 2022-09-08
- Advisory updated: 2022-09-08
Who should care
Organizations that still operate or manage D-Link DIR-820L devices should treat this as an urgent remediation item, especially if the device is externally reachable or difficult to inventory.
Technical summary
The supplied public record identifies the issue as a remote code execution vulnerability in the D-Link DIR-820L. The CISA KEV catalog entry indicates known exploitation and directs defenders to disconnect the end-of-life product if it is still deployed.
Defensive priority
High. A KEV-listed vulnerability on an end-of-life device deserves immediate attention because mitigation options are limited and CISA’s required action is to remove it from active use.
Recommended defensive actions
- Inventory environments for any D-Link DIR-820L devices and confirm whether they are still in use.
- Disconnect or isolate any DIR-820L device that remains deployed, per CISA KEV guidance.
- Plan replacement with supported hardware since the product is end-of-life.
- Review perimeter exposure and ensure the device is not unnecessarily reachable from the internet.
- Track remediation against the CISA KEV due date of 2022-09-29.
Evidence notes
The supplied corpus contains a CVE record, an NVD link, and a CISA KEV entry dated 2022-09-08. The KEV metadata explicitly states that the product is end-of-life and should be disconnected if still in use, but the corpus does not provide exploit details, CVSS scoring, or a full attack chain.
Official resources
- CVE-2022-26258 CVE record (CVE.org)
- CVE-2022-26258 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): The impacted product is end-of-life and should be disconnected if still in use.
- Source item URL: cisa_kev
Public CVE and KEV records in this corpus are dated 2022-09-08. CISA’s KEV entry sets a remediation due date of 2022-09-29.