PatchSiren cyber security CVE debrief
CVE-2023-25280 D-Link CVE debrief
CVE-2023-25280 is an OS command injection vulnerability affecting the D-Link DIR-820 Router. CISA added it to the Known Exploited Vulnerabilities catalog, and the supplied KEV metadata says the product is end-of-life/end-of-service, so the practical response is to retire it rather than wait for a patch.
- Vendor: D-Link
- Product: DIR-820 Router
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2024-09-30
- Original CVE updated: 2024-09-30
- Advisory published: 2024-09-30
- Advisory updated: 2024-09-30
Who should care
Organizations that still operate or manage D-Link DIR-820 routers, including small offices, branch sites, MSPs, and asset owners responsible for network edge devices. Security teams should also review any inventories for this model because CISA has marked the issue as known exploited.
Technical summary
The supplied record identifies the issue as an OS command injection vulnerability in the D-Link DIR-820 Router. The corpus does not provide affected firmware versions, authentication requirements, or attack prerequisites. What is clear from the official records is that CISA placed the CVE in KEV and notes the product is end-of-life/end-of-service, which strongly limits remediation options to removal or replacement.
Defensive priority
Urgent. The vulnerability is in CISA’s Known Exploited Vulnerabilities catalog, which indicates known exploitation, and the impacted device is identified as EoL/EoS. If the DIR-820 is still deployed, it should be prioritized for removal and replacement immediately.
Recommended defensive actions
- Identify every D-Link DIR-820 router in your environment, including branch and unmanaged locations.
- Treat the device as high priority because it appears in CISA KEV and is marked end-of-life/end-of-service.
- Plan to discontinue use of the DIR-820 and replace it with a supported model.
- If immediate replacement is not possible, isolate the device as much as operationally feasible and restrict administrative access.
- Validate that no critical services depend on the DIR-820 before decommissioning.
- Update asset inventories and risk registers to reflect the KEV status and EoL/EoS condition.
Evidence notes
CISA’s KEV entry for CVE-2023-25280 identifies the product as D-Link DIR-820 Router, notes the vulnerability as an OS command injection issue, and states the impacted product is end-of-life/end-of-service with the required action to discontinue utilization. The supplied corpus also includes the CVE and NVD records, but it does not provide CVSS, affected firmware versions, or exploit details. CISA KEV notes reference a D-Link security publication (SAP10358).
Official resources
- CVE-2023-25280 CVE record (CVE.org)
- CVE-2023-25280 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
- Source item URL: cisa_kev
Publicly documented and added to CISA KEV on 2024-09-30, based on the supplied record. This debrief does not infer the original discovery date beyond the official timeline provided.