D-Link
Company Details
Linkedin ID:
dlink-corp
Website:
Employees number:
528
Number of followers:
12,466
NAICS:
None
Industry Type:
Homepage:
dlink.com
IP Addresses:
0
Company ID:
D-L_1721308
Scan Status:
In-progress
D-Link Company CyberSecurity Posture
dlink.com
D-Link is a global leader in designing, developing and providing networking and connectivity products and total solutions for consumers, small and medium-sized businesses, enterprises, and service providers. From relatively modest beginnings in Taiwan, the company has grown since 1987 into an award-winning global brand in 57 countries. D-Link友訊科技(2332)成立於 1987年,以全球智能網通設備與全方位網通解決方案領導者之姿,於全球57 國設有120個營運與銷售據點,打造數位新絲路,引領全球智能生活;同時亦不斷創新、挑戰自我,屢獲德國紅點設計大獎、德國iF產品設計大獎、美國CES Innovation Awards、IoT Breakthrough Awards、台灣精品獎等國內/外大獎肯定。
D-Link A.I CyberSecurity Scoring
D-Link Risk Score (AI oriented)Between 700 and 749
D-Link
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
D-Link Global Score (TPRM)XXXX
D-Link
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
D-Link Company CyberSecurity News & History
Past Incidents
4
Attack Types
2
D-Link
Vulnerability
Rankiteo Explanation
Attack without any consequences
Description: A critical stack-based buffer overflow vulnerability in the D-Link DIR-825 Rev.B 2.10 router firmware allows unauthenticated, zero-click remote attackers to crash the device’s HTTP server. This flaw resides in the router’s httpd binary and stems from improper handling of the language parameter in the switch_language.cgi endpoint. Exploitation requires no valid credentials or user interaction, meaning an adversary only needs network access to the target device’s management interface to trigger a denial-of-service condition. This vulnerability disrupts VPNs, guest Wi-Fi, and IoT device management, leading to potential service outages and loss of network functionality.
D-Link
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Global networking equipment and technology company D-Link revealed a breach after stolen data was offered for sale on the Breach Forums platform by a threat actor. Upon learning of the purported data breach, the corporation promptly enlisted the assistance of security firm Trend Micro to investigate the purported event. The threat actor declared that it had obtained the source code for D-Link's D-View network management software as well as 3 million lines of personal data. The exposed information includes names, emails, addresses, phone numbers, firms, dates of registration, and the most recent times a user signed in among the stolen data.
CISA warns of D-Link router vulnerability exploitation
Vulnerability
Rankiteo Explanation
Attack threatening the organization's existence
Description: A pair of vulnerabilities – one old, and one new – has been added to the United States Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog. CVE-2022-37055 is a three-year-old buffer overflow vulnerability in D-Link Go-RT-AC750 routers, which is a sticky one, as the product has reached “end of life” (EoL) and is no longer supported by D-Link. JavaScript is required for CAPTCHA verification to submit this form. By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement. Create free account to get unlimited news articles and more! JavaScript is required for CAPTCHA verification to submit this form. If you check the box above before you log in, you won’t have to log back into the website next time you return, even if you close your browser and come back later. If you check this box before you log in, you won’t have to log back into the website next time you return, even if you close your browser and come back later. Keep me signed in on this device. To continue reading the rest of this article, please log in. You’re out of free articles for this month The company’s own security announcement regarding the vulnerability outlined the dangers of using EoL network hardware, and with hackers now on the warpath, it makes for timely reading. “D-Link strongly recommends that this pro
D-Link: D-Link Router Command Injection Vulnerability Actively Exploited in the Wild
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: D-Link Routers Targeted in Long-Running DNS Hijacking Campaign D-Link has confirmed critical unauthenticated command injection vulnerabilities in multiple router models, enabling attackers to remotely modify DNS settings without authentication. These flaws, exploited since at least 2016, allow threat actors to redirect user traffic to malicious infrastructure, facilitating malware distribution, phishing, and traffic interception. Security researchers have tracked ongoing exploitation campaigns targeting home and enterprise networks across multiple continents. The vulnerabilities stem from improper input validation in the routers’ web interfaces, permitting attackers to alter DNS configurations persistently. A large-scale malvertising campaign first reported in December 2016 affected at least 166 router models, including D-Link devices, by redirecting users to malicious ad servers and phishing sites. By April 2019, threat intelligence teams observed sustained attacks against D-Link routers over three consecutive months. Attackers leveraged Google Cloud Platform to deploy the DNSChanger malware variant, automating exploits and increasing the vulnerability’s severity. Publicly disclosed exploits further amplified the risk. Affected Models and Regions: - DSL-2740R (Rev. A, Europe) – Firmware EU v1.15 and older (*EDB-35917*) - DSL-2640B (Rev. T, Malaysia) – Firmware GE v1.07 and older (*EDB-42197*) - DSL-2780B (Rev. A, AU/NZ/EU) – Firmware v1.01.14 and older (*EDB-37237*) - DSL-526B (Rev. B, Australia) – Firmware AU v2.01 and older (*EDB-37241*) These models are primarily deployed outside the U.S. through regional carriers with custom firmware. D-Link advises users to perform factory resets, set unique admin passwords, and manually configure DNS settings using trusted providers like Google DNS (8.8.8.8) or Cloudflare (1.1.1.1). Official firmware patches should be obtained through regional carriers.
D-Link Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for D-Link
Incidents vs Information Technology & Services Industry Average (This Year)
No incidents recorded for D-Link in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for D-Link in 2026.
Incident Types D-Link vs Information Technology & Services Industry Avg (This Year)
No incidents recorded for D-Link in 2026.
Incident History — D-Link (X = Date, Y = Severity)
D-Link cyber incidents detection timeline including parent company and subsidiaries
D-Link Company Subsidiaries
D-Link is a global leader in designing, developing and providing networking and connectivity products and total solutions for consumers, small and medium-sized businesses, enterprises, and service providers. From relatively modest beginnings in Taiwan, the company has grown since 1987 into an award-winning global brand in 57 countries. D-Link友訊科技(2332)成立於 1987年,以全球智能網通設備與全方位網通解決方案領導者之姿,於全球57 國設有120個營運與銷售據點,打造數位新絲路,引領全球智能生活;同時亦不斷創新、挑戰自我,屢獲德國紅點設計大獎、德國iF產品設計大獎、美國CES Innovation Awards、IoT Breakthrough Awards、台灣精品獎等國內/外大獎肯定。
Loading...
D-Link Similar Companies
Computacenter
Computacenter is a leading independent technology and services provider, trusted by large corporate and public sector organisations. We are a responsible business that believes in winning together for our people and our planet. We help our customers to Source, Transform and Manage their technol
VINCI Energies
In a world undergoing constant change, VINCI Energies contributes to the environmental transition by helping bring about major trends in the digital landscape and energy sector. VINCI Energies’ teams roll out technologies and integrate customised multi-technical solutions, from design to implementat
Thoughtworks
We are a global technology consultancy that delivers extraordinary impact by blending design, engineering and AI expertise. For 30 years, our commitment to design-led thinking, engineering excellence and innovation means we prioritize people, build teams with strong technical foundations and embed
SONDA
We are at the forefront of digital transformation in the Americas, positively impacting the lives of over 500 million people. As a key player in emerging industries, we drive innovation and change through ambitious modernization projects and cutting-edge solutions. By understanding the region's chal
.png)
D-Link CyberSecurity News
January 07, 2026 08:00 AM
This critical severity flaw in D-Link DSL gateway devices could allow for remote code execution
When you buy through links on our articles, Future and its syndication partners may earn a commission. Cables going into the back of...
December 11, 2025 08:00 AM
EY US - Home | Building a better working world
This AI survey shows how AI investments are turning into business productivity gains and significant financial performance.
December 09, 2025 08:00 AM
CISA Warns of D-Link Routers Buffer Overflow Vulnerability Exploited in Attacks
A major buffer overflow bug in D-Link routers is now on CISA's exploited vulnerabilities list, showing attackers are actively using it.
December 04, 2025 08:00 AM
Cybersecurity M&A Roundup: 30 Deals Announced in November 2025
Thirty cybersecurity-related merger and acquisition (M&A) deals were announced by companies in November 2025.
November 27, 2025 08:00 AM
ShadowV2 Botnet Exploited AWS Outage Timeline To Test Global IoT Attacks
Cybersecurity researchers at Fortinet's FortiGuard Labs have identified a new Mirai-based botnet, dubbed 'ShadowV2,' which appears to have...
November 27, 2025 08:00 AM
Hackers Exploit IoT Vulnerabilities to Deploy New ShadowV2 Malware
Cybersecurity researchers have uncovered a concerted campaign where hackers are actively exploiting vulnerabilities in Internet of Things...
November 24, 2025 08:00 AM
⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
Fortinet exploit, Chrome 0-Day, BadIIS malware, SaaS breach, and record DDoS — plus 15+ top stories shaping this week in cybersecurity.
November 21, 2025 08:00 AM
Cybersecurity News: Sturnus captures encrypted chats, PowerSchool schools blamed, SEC security bill
Cybersecurity researchers at the Dutch mobile security company ThreatFabric are warning of this new trojan that enables credential theft and...
November 13, 2025 08:00 AM
Disrupting the first reported AI-orchestrated cyber espionage campaign
We recently argued that an inflection point had been reached in cybersecurity: a point at which AI models had become genuinely useful for...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
D-Link CyberSecurity History Information
Official Website of D-Link
The official website of D-Link is https://www.dlink.com.
D-Link’s AI-Generated Cybersecurity Score
According to Rankiteo, D-Link’s AI-generated cybersecurity score is 703, reflecting their Moderate security posture.
How many security badges does D-Link’ have ?
According to Rankiteo, D-Link currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has D-Link been affected by any supply chain cyber incidents ?
According to Rankiteo, D-Link has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does D-Link have SOC 2 Type 1 certification ?
According to Rankiteo, D-Link is not certified under SOC 2 Type 1.
Does D-Link have SOC 2 Type 2 certification ?
According to Rankiteo, D-Link does not hold a SOC 2 Type 2 certification.
Does D-Link comply with GDPR ?
According to Rankiteo, D-Link is not listed as GDPR compliant.
Does D-Link have PCI DSS certification ?
According to Rankiteo, D-Link does not currently maintain PCI DSS compliance.
Does D-Link comply with HIPAA ?
According to Rankiteo, D-Link is not compliant with HIPAA regulations.
Does D-Link have ISO 27001 certification ?
According to Rankiteo,D-Link is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of D-Link
D-Link operates primarily in the Information Technology & Services industry.
Number of Employees at D-Link
D-Link employs approximately 528 people worldwide.
Subsidiaries Owned by D-Link
D-Link presently has no subsidiaries across any sectors.
D-Link’s LinkedIn Followers
D-Link’s official LinkedIn profile has approximately 12,466 followers.
NAICS Classification of D-Link
D-Link is classified under the NAICS code None, which corresponds to Others.
D-Link’s Presence on Crunchbase
No, D-Link does not have a profile on Crunchbase.
D-Link’s Presence on LinkedIn
Yes, D-Link maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/dlink-corp.
Cybersecurity Incidents Involving D-Link
As of January 22, 2026, Rankiteo reports that D-Link has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
D-Link has an estimated 10,441 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at D-Link ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Vulnerability.
How does D-Link detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with trend micro, and remediation measures with apply firmware update, limit web-ui access, flag unusually long language posts, and remediation measures with d-link strongly recommends discontinuing use of eol hardware, and containment measures with factory resets, containment measures with unique administrative passwords, containment measures with manual dns configuration using trusted providers, and remediation measures with official firmware patches from regional carriers, remediation measures with manual dns configuration, and communication strategy with public advisories via google news, linkedin, and x..
Incident Details
Can you provide details on each incident ?
Title: D-Link Data Breach
Description: Global networking equipment and technology company D-Link revealed a breach after stolen data was offered for sale on the Breach Forums platform by a threat actor.
Type: Data Breach
Motivation: Financial Gain
Title: Critical Stack-Based Buffer Overflow in D-Link DIR-825 Rev.B 2.10 Firmware
Description: A critical stack-based buffer overflow in the D-Link DIR-825 Rev.B 2.10 router firmware allows unauthenticated, zero-click remote attackers to crash the device’s HTTP server. The flaw resides in the router’s httpd binary and stems from improper handling of the language parameter in the switch_language.cgi endpoint.
Type: Vulnerability
Attack Vector: Unauthenticated, zero-click remote attack
Vulnerability Exploited: CVE-2025-7206
Motivation: Denial-of-Service (DoS)
Title: Exploitation of CVE-2022-37055 in D-Link Go-RT-AC750 Routers
Description: A three-year-old buffer overflow vulnerability (CVE-2022-37055) in D-Link Go-RT-AC750 routers has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog. The product has reached end of life (EoL) and is no longer supported by D-Link, making it a persistent security risk.
Type: Vulnerability Exploitation
Attack Vector: Buffer Overflow
Vulnerability Exploited: CVE-2022-37055
Title: D-Link Router Unauthenticated Command Injection and DNS Hijacking Vulnerabilities
Description: D-Link has confirmed unauthenticated command injection vulnerabilities affecting multiple router models deployed internationally. Active exploitation campaigns using DNS hijacking have been documented since late 2016, with threat actors continuing malicious activities through 2019 and beyond. The vulnerabilities allow attackers to change Domain Name Server settings without authentication, redirecting user traffic to malicious infrastructure.
Date Detected: 2016-12-01
Type: DNS Hijacking
Attack Vector: Unauthenticated web interface
Vulnerability Exploited: Lack of input validation in web configuration interfacesUnauthenticated DNS modification
Motivation: Malware distributionTraffic interceptionPhishing
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through switch_language.cgi endpoint and Unauthenticated web interface.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach DLI1117101123
Data Compromised: Source code for d-link's d-view network management software, 3 million lines of personal data
Incident : Vulnerability DLI331071125
Systems Affected: D-Link DIR-825 Rev.B 2.10 router firmware
Operational Impact: Disrupts VPNs, guest Wi-Fi, and IoT device management
Incident : Vulnerability Exploitation DLI1765260054
Systems Affected: D-Link Go-RT-AC750 routers
Brand Reputation Impact: Potential negative impact due to unsupported EoL hardware
Incident : DNS Hijacking DLI1767786327
Systems Affected: Multiple D-Link router models
Operational Impact: Traffic redirection to malicious infrastructure
Brand Reputation Impact: Significant risk due to persistent control over compromised routers
Identity Theft Risk: High due to traffic interception
Payment Information Risk: High due to traffic interception
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Source Code, Personal Data, and User traffic data.
Which entities were affected by each incident ?
Incident : Data Breach DLI1117101123
Entity Name: D-Link
Entity Type: Company
Industry: Networking Equipment and Technology
Incident : Vulnerability DLI331071125
Entity Name: D-Link
Entity Type: Company
Industry: Networking Equipment
Incident : Vulnerability Exploitation DLI1765260054
Entity Name: D-Link
Entity Type: Technology Manufacturer
Industry: Networking Hardware
Incident : DNS Hijacking DLI1767786327
Entity Name: D-Link
Entity Type: Technology Manufacturer
Industry: Networking Hardware
Location: International
Customers Affected: Home users and enterprise networks across multiple continents
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach DLI1117101123
Third Party Assistance: Trend Micro.
Incident : Vulnerability DLI331071125
Remediation Measures: Apply firmware update, limit web-UI access, flag unusually long language posts
Incident : Vulnerability Exploitation DLI1765260054
Remediation Measures: D-Link strongly recommends discontinuing use of EoL hardware
Incident : DNS Hijacking DLI1767786327
Containment Measures: Factory resetsUnique administrative passwordsManual DNS configuration using trusted providers
Remediation Measures: Official firmware patches from regional carriersManual DNS configuration
Communication Strategy: Public advisories via Google News, LinkedIn, and X
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Trend Micro, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach DLI1117101123
Type of Data Compromised: Source code, Personal data
Number of Records Exposed: 3 million lines of personal data
Personally Identifiable Information: NamesEmailsAddressesPhone numbersFirmsDates of registrationMost recent times a user signed in
Incident : DNS Hijacking DLI1767786327
Type of Data Compromised: User traffic data
Sensitivity of Data: High (traffic interception)
Personally Identifiable Information: Potentially exposed due to traffic interception
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Apply firmware update, limit web-UI access, flag unusually long language posts, D-Link strongly recommends discontinuing use of EoL hardware, Official firmware patches from regional carriers, Manual DNS configuration, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by factory resets, unique administrative passwords, manual dns configuration using trusted providers and .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Vulnerability Exploitation DLI1765260054
Regulatory Notifications: Added to CISA's Known Exploited Vulnerabilities (KEV) Catalog
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Vulnerability DLI331071125
Lessons Learned: Enforce strict input validation, ensure proper bounds checking, monitor for anomalous HTTP POST requests
Incident : Vulnerability Exploitation DLI1765260054
Lessons Learned: Using end-of-life (EoL) network hardware poses significant security risks due to lack of vendor support and patches.
Incident : DNS Hijacking DLI1767786327
Lessons Learned: Importance of input validation in web interfaces and secure DNS configuration to prevent hijacking.
What recommendations were made to prevent future incidents ?
Incident : Vulnerability DLI331071125
Recommendations: Apply firmware update, limit web-UI access, flag unusually long language posts
Incident : Vulnerability Exploitation DLI1765260054
Recommendations: Discontinue use of EoL hardware and replace with supported devices. Monitor CISA's KEV Catalog for active threats.
Incident : DNS Hijacking DLI1767786327
Recommendations: Perform factory resets on affected routers, Establish unique administrative passwords, Manually configure DNS settings using trusted providers (e.g., Google DNS or Cloudflare DNS), Contact regional carriers for official firmware patches, Monitor for ongoing exploitation campaignsPerform factory resets on affected routers, Establish unique administrative passwords, Manually configure DNS settings using trusted providers (e.g., Google DNS or Cloudflare DNS), Contact regional carriers for official firmware patches, Monitor for ongoing exploitation campaignsPerform factory resets on affected routers, Establish unique administrative passwords, Manually configure DNS settings using trusted providers (e.g., Google DNS or Cloudflare DNS), Contact regional carriers for official firmware patches, Monitor for ongoing exploitation campaignsPerform factory resets on affected routers, Establish unique administrative passwords, Manually configure DNS settings using trusted providers (e.g., Google DNS or Cloudflare DNS), Contact regional carriers for official firmware patches, Monitor for ongoing exploitation campaignsPerform factory resets on affected routers, Establish unique administrative passwords, Manually configure DNS settings using trusted providers (e.g., Google DNS or Cloudflare DNS), Contact regional carriers for official firmware patches, Monitor for ongoing exploitation campaigns
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Enforce strict input validation, ensure proper bounds checking, monitor for anomalous HTTP POST requestsUsing end-of-life (EoL) network hardware poses significant security risks due to lack of vendor support and patches.Importance of input validation in web interfaces and secure DNS configuration to prevent hijacking.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Apply firmware update, limit web-UI access, flag unusually long language posts and Discontinue use of EoL hardware and replace with supported devices. Monitor CISA's KEV Catalog for active threats..
References
Where can I find more information about each incident ?
Incident : Vulnerability DLI331071125
Source: Security Researcher iC0rner
Incident : Vulnerability Exploitation DLI1765260054
Source: CISA Known Exploited Vulnerabilities (KEV) Catalog
Incident : DNS Hijacking DLI1767786327
Source: Exploit-DB
Incident : DNS Hijacking DLI1767786327
Source: Exploit-DB
Incident : DNS Hijacking DLI1767786327
Source: Exploit-DB
Incident : DNS Hijacking DLI1767786327
Source: Exploit-DB
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Security Researcher iC0rner, and Source: CISA Known Exploited Vulnerabilities (KEV) Catalog, and Source: Exploit-DBUrl: https://www.exploit-db.com/exploits/35917, and Source: Exploit-DBUrl: https://www.exploit-db.com/exploits/42197, and Source: Exploit-DBUrl: https://www.exploit-db.com/exploits/37237, and Source: Exploit-DBUrl: https://www.exploit-db.com/exploits/37241.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : DNS Hijacking DLI1767786327
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public advisories via Google News, LinkedIn and and X.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Vulnerability Exploitation DLI1765260054
Customer Advisories: D-Link recommends discontinuing use of EoL Go-RT-AC750 routers due to security risks.
Incident : DNS Hijacking DLI1767786327
Stakeholder Advisories: Follow D-Link on Google News, LinkedIn, and X for updates.
Customer Advisories: Perform factory resets, establish unique administrative passwords, and manually configure DNS settings using trusted providers. Contact regional carriers for firmware patches.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were D-Link recommends discontinuing use of EoL Go-RT-AC750 routers due to security risks., Follow D-Link on Google News, LinkedIn, and X for updates., Perform factory resets, establish unique administrative passwords and and manually configure DNS settings using trusted providers. Contact regional carriers for firmware patches..
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Vulnerability DLI331071125
Entry Point: switch_language.cgi endpoint
Incident : DNS Hijacking DLI1767786327
Entry Point: Unauthenticated web interface
Backdoors Established: DNS configuration modification
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Vulnerability DLI331071125
Root Causes: Improper handling of the language parameter in the switch_language.cgi endpoint
Corrective Actions: Apply firmware update, limit web-UI access, flag unusually long language posts
Incident : Vulnerability Exploitation DLI1765260054
Root Causes: Use of unsupported EoL hardware with unpatched vulnerabilities
Corrective Actions: Replace EoL devices with supported alternatives
Incident : DNS Hijacking DLI1767786327
Root Causes: Lack Of Input Validation In Web Configuration Interfaces, Unauthenticated Access To Critical Network Settings,
Corrective Actions: Firmware Patches, Secure Dns Configuration, Enhanced Input Validation,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Trend Micro, .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Apply firmware update, limit web-UI access, flag unusually long language posts, Replace EoL devices with supported alternatives, Firmware Patches, Secure Dns Configuration, Enhanced Input Validation, .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2016-12-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Source code for D-Link's D-View network management software, 3 million lines of personal data and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was trend micro, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Factory resetsUnique administrative passwordsManual DNS configuration using trusted providers.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Source code for D-Link's D-View network management software and 3 million lines of personal data.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 3.0M.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Enforce strict input validation, ensure proper bounds checking, monitor for anomalous HTTP POST requests, Using end-of-life (EoL) network hardware poses significant security risks due to lack of vendor support and patches., Importance of input validation in web interfaces and secure DNS configuration to prevent hijacking.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Perform factory resets on affected routers, Apply firmware update, limit web-UI access, flag unusually long language posts, Establish unique administrative passwords, Monitor for ongoing exploitation campaigns, Discontinue use of EoL hardware and replace with supported devices. Monitor CISA's KEV Catalog for active threats., Contact regional carriers for official firmware patches, Manually configure DNS settings using trusted providers (e.g. and Google DNS or Cloudflare DNS).
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are CISA Known Exploited Vulnerabilities (KEV) Catalog, Security Researcher iC0rner and Exploit-DB.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.exploit-db.com/exploits/35917, https://www.exploit-db.com/exploits/42197, https://www.exploit-db.com/exploits/37237, https://www.exploit-db.com/exploits/37241 .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Follow D-Link on Google News, LinkedIn, and X for updates., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an D-Link recommends discontinuing use of EoL Go-RT-AC750 routers due to security risks., Perform factory resets, establish unique administrative passwords and and manually configure DNS settings using trusted providers. Contact regional carriers for firmware patches.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Unauthenticated web interface and switch_language.cgi endpoint.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Improper handling of the language parameter in the switch_language.cgi endpoint, Use of unsupported EoL hardware with unpatched vulnerabilities, Lack of input validation in web configuration interfacesUnauthenticated access to critical network settings.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Apply firmware update, limit web-UI access, flag unusually long language posts, Replace EoL devices with supported alternatives, Firmware patchesSecure DNS configurationEnhanced input validation.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in `backend.reading.allow` to redirect requests to internal or sensitive URLs that are not on the allowlist, bypassing the URL allowlist security control. This is a Server-Side Request Forgery (SSRF) vulnerability that could allow access to internal resources, but it does not allow attackers to include additional request headers. This vulnerability is fixed in `@backstage/backend-defaults` version 0.12.2, 0.13.2, 0.14.1, and 0.15.0. Users should upgrade to this version or later. Some workarounds are available. Restrict `backend.reading.allow` to only trusted hosts that you control and that do not issue redirects, ensure allowed hosts do not have open redirect vulnerabilities, and/or use network-level controls to block access from Backstage to sensitive internal endpoints.
Risk Information
cvss3
Base: 3.5
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Description
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the `resolveSafeChildPath` utility function in `@backstage/backend-plugin-api`, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation via symlink chains (creating `link1 → link2 → /outside` where intermediate symlinks eventually resolve outside the allowed directory) and dangling symlinks (creating symlinks pointing to non-existent paths outside the base directory, which would later be created during file operations). This function is used by Scaffolder actions and other backend components to ensure file operations stay within designated directories. This vulnerability is fixed in `@backstage/backend-plugin-api` version 0.1.17. Users should upgrade to this version or later. Some workarounds are available. Run Backstage in a containerized environment with limited filesystem access and/or restrict template creation to trusted users.
Risk Information
cvss3
Base: 6.3
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Description
Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read arbitrary files via the `debug:log` action by creating a symlink pointing to sensitive files (e.g., `/etc/passwd`, configuration files, secrets); delete arbitrary files via the `fs:delete` action by creating symlinks pointing outside the workspace, and write files outside the workspace via archive extraction (tar/zip) containing malicious symlinks. This affects any Backstage deployment where users can create or execute Scaffolder templates. This vulnerability is fixed in `@backstage/backend-defaults` versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0; `@backstage/plugin-scaffolder-backend` versions 2.2.2, 3.0.2, and 3.1.1; and `@backstage/plugin-scaffolder-node` versions 0.11.2 and 0.12.3. Users should upgrade to these versions or later. Some workarounds are available. Follow the recommendation in the Backstage Threat Model to limit access to creating and updating templates, restrict who can create and execute Scaffolder templates using the permissions framework, audit existing templates for symlink usage, and/or run Backstage in a containerized environment with limited filesystem access.
Risk Information
cvss3
Base: 7.1
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L
Description
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key(). The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a key_id corresponds to a valid key, potentially accelerating brute-force or enumeration attacks. All users relying on verify_key() for API key authentication prior to the fix are affected. Users should upgrade to version 1.1.0 to receive a patch. The patch applies a uniform random delay (min_delay to max_delay) to all responses regardless of outcome, eliminating the timing correlation. Some workarounds are available. Add an application-level fixed delay or random jitter to all authentication responses (success and failure) before the fix is applied and/or use rate limiting to reduce the feasibility of statistical timing attacks.
Risk Information
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows an attacker to bypass Kubernetes RBAC impersonation and execute API requests with the operator's service account privileges. In order to be vulnerable, cluster admins must configure the Flux Operator with an OIDC provider that issues tokens lacking the expected claims (e.g., `email`, `groups`), or configure custom CEL expressions that can evaluate to empty values. After OIDC token claims are processed through CEL expressions, there is no validation that the resulting `username` and `groups` values are non-empty. When both values are empty, the Kubernetes client-go library does not add impersonation headers to API requests, causing them to be executed with the flux-operator service account's credentials instead of the authenticated user's limited permissions. This can result in privilege escalation, data exposure, and/or information disclosure. Version 0.40.0 patches the issue.
Risk Information
cvss3
Base: 5.3
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
References
- https://github.com/controlplaneio-fluxcd/flux-operator/commit/084540424f6de8ba5d88fb1fd1e8472ba29afd7e
- https://github.com/controlplaneio-fluxcd/flux-operator/pull/610
- https://github.com/controlplaneio-fluxcd/flux-operator/releases/tag/v0.40.0
- https://github.com/controlplaneio-fluxcd/flux-operator/security/advisories/GHSA-4xh5-jcj2-ch8q
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=dlink-corp' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
