D-Link
Company Details
Linkedin ID:
dlink-corp
Website:
Employees number:
528
Number of followers:
12,466
NAICS:
None
Industry Type:
Homepage:
dlink.com
IP Addresses:
0
Company ID:
D-L_1721308
Scan Status:
In-progress
D-Link Company CyberSecurity Posture
dlink.com
D-Link is a global leader in designing, developing and providing networking and connectivity products and total solutions for consumers, small and medium-sized businesses, enterprises, and service providers. From relatively modest beginnings in Taiwan, the company has grown since 1987 into an award-winning global brand in 57 countries. D-Link友訊科技(2332)成立於 1987年,以全球智能網通設備與全方位網通解決方案領導者之姿,於全球57 國設有120個營運與銷售據點,打造數位新絲路,引領全球智能生活;同時亦不斷創新、挑戰自我,屢獲德國紅點設計大獎、德國iF產品設計大獎、美國CES Innovation Awards、IoT Breakthrough Awards、台灣精品獎等國內/外大獎肯定。
D-Link A.I CyberSecurity Scoring
D-Link Risk Score (AI oriented)Between 700 and 749
D-Link
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
D-Link Global Score (TPRM)XXXX
D-Link
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
D-Link Company CyberSecurity News & History
Past Incidents
4
Attack Types
2
D-Link
Vulnerability
Rankiteo Explanation
Attack without any consequences
Description: A critical stack-based buffer overflow vulnerability in the D-Link DIR-825 Rev.B 2.10 router firmware allows unauthenticated, zero-click remote attackers to crash the device’s HTTP server. This flaw resides in the router’s httpd binary and stems from improper handling of the language parameter in the switch_language.cgi endpoint. Exploitation requires no valid credentials or user interaction, meaning an adversary only needs network access to the target device’s management interface to trigger a denial-of-service condition. This vulnerability disrupts VPNs, guest Wi-Fi, and IoT device management, leading to potential service outages and loss of network functionality.
D-Link
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Global networking equipment and technology company D-Link revealed a breach after stolen data was offered for sale on the Breach Forums platform by a threat actor. Upon learning of the purported data breach, the corporation promptly enlisted the assistance of security firm Trend Micro to investigate the purported event. The threat actor declared that it had obtained the source code for D-Link's D-View network management software as well as 3 million lines of personal data. The exposed information includes names, emails, addresses, phone numbers, firms, dates of registration, and the most recent times a user signed in among the stolen data.
CISA warns of D-Link router vulnerability exploitation
Vulnerability
Rankiteo Explanation
Attack threatening the organization's existence
Description: A pair of vulnerabilities – one old, and one new – has been added to the United States Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog. CVE-2022-37055 is a three-year-old buffer overflow vulnerability in D-Link Go-RT-AC750 routers, which is a sticky one, as the product has reached “end of life” (EoL) and is no longer supported by D-Link. JavaScript is required for CAPTCHA verification to submit this form. By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement. Create free account to get unlimited news articles and more! JavaScript is required for CAPTCHA verification to submit this form. If you check the box above before you log in, you won’t have to log back into the website next time you return, even if you close your browser and come back later. If you check this box before you log in, you won’t have to log back into the website next time you return, even if you close your browser and come back later. Keep me signed in on this device. To continue reading the rest of this article, please log in. You’re out of free articles for this month The company’s own security announcement regarding the vulnerability outlined the dangers of using EoL network hardware, and with hackers now on the warpath, it makes for timely reading. “D-Link strongly recommends that this pro
D-Link: D-Link Router Command Injection Vulnerability Actively Exploited in the Wild
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: D-Link Routers Targeted in Long-Running DNS Hijacking Campaign D-Link has confirmed critical unauthenticated command injection vulnerabilities in multiple router models, enabling attackers to remotely modify DNS settings without authentication. These flaws, exploited since at least 2016, allow threat actors to redirect user traffic to malicious infrastructure, facilitating malware distribution, phishing, and traffic interception. Security researchers have tracked ongoing exploitation campaigns targeting home and enterprise networks across multiple continents. The vulnerabilities stem from improper input validation in the routers’ web interfaces, permitting attackers to alter DNS configurations persistently. A large-scale malvertising campaign first reported in December 2016 affected at least 166 router models, including D-Link devices, by redirecting users to malicious ad servers and phishing sites. By April 2019, threat intelligence teams observed sustained attacks against D-Link routers over three consecutive months. Attackers leveraged Google Cloud Platform to deploy the DNSChanger malware variant, automating exploits and increasing the vulnerability’s severity. Publicly disclosed exploits further amplified the risk. Affected Models and Regions: - DSL-2740R (Rev. A, Europe) – Firmware EU v1.15 and older (*EDB-35917*) - DSL-2640B (Rev. T, Malaysia) – Firmware GE v1.07 and older (*EDB-42197*) - DSL-2780B (Rev. A, AU/NZ/EU) – Firmware v1.01.14 and older (*EDB-37237*) - DSL-526B (Rev. B, Australia) – Firmware AU v2.01 and older (*EDB-37241*) These models are primarily deployed outside the U.S. through regional carriers with custom firmware. D-Link advises users to perform factory resets, set unique admin passwords, and manually configure DNS settings using trusted providers like Google DNS (8.8.8.8) or Cloudflare (1.1.1.1). Official firmware patches should be obtained through regional carriers.
D-Link Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for D-Link
Incidents vs Information Technology & Services Industry Average (This Year)
No incidents recorded for D-Link in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for D-Link in 2026.
Incident Types D-Link vs Information Technology & Services Industry Avg (This Year)
No incidents recorded for D-Link in 2026.
Incident History — D-Link (X = Date, Y = Severity)
D-Link cyber incidents detection timeline including parent company and subsidiaries
D-Link Company Subsidiaries
D-Link is a global leader in designing, developing and providing networking and connectivity products and total solutions for consumers, small and medium-sized businesses, enterprises, and service providers. From relatively modest beginnings in Taiwan, the company has grown since 1987 into an award-winning global brand in 57 countries. D-Link友訊科技(2332)成立於 1987年,以全球智能網通設備與全方位網通解決方案領導者之姿,於全球57 國設有120個營運與銷售據點,打造數位新絲路,引領全球智能生活;同時亦不斷創新、挑戰自我,屢獲德國紅點設計大獎、德國iF產品設計大獎、美國CES Innovation Awards、IoT Breakthrough Awards、台灣精品獎等國內/外大獎肯定。
Loading...
D-Link Similar Companies
Thoughtworks
We are a global technology consultancy that delivers extraordinary impact by blending design, engineering and AI expertise. For 30 years, our commitment to design-led thinking, engineering excellence and innovation means we prioritize people, build teams with strong technical foundations and embed
SONDA
We are at the forefront of digital transformation in the Americas, positively impacting the lives of over 500 million people. As a key player in emerging industries, we drive innovation and change through ambitious modernization projects and cutting-edge solutions. By understanding the region's chal
VINCI Energies
In a world undergoing constant change, VINCI Energies contributes to the environmental transition by helping bring about major trends in the digital landscape and energy sector. VINCI Energies’ teams roll out technologies and integrate customised multi-technical solutions, from design to implementat
Computacenter
Computacenter is a leading independent technology and services provider, trusted by large corporate and public sector organisations. We are a responsible business that believes in winning together for our people and our planet. We help our customers to Source, Transform and Manage their technol
.png)
D-Link CyberSecurity News
January 07, 2026 08:00 AM
This critical severity flaw in D-Link DSL gateway devices could allow for remote code execution
When you buy through links on our articles, Future and its syndication partners may earn a commission. Cables going into the back of...
December 11, 2025 08:00 AM
EY US - Home | Building a better working world
This AI survey shows how AI investments are turning into business productivity gains and significant financial performance.
December 09, 2025 08:00 AM
CISA Warns of D-Link Routers Buffer Overflow Vulnerability Exploited in Attacks
A major buffer overflow bug in D-Link routers is now on CISA's exploited vulnerabilities list, showing attackers are actively using it.
December 04, 2025 08:00 AM
Cybersecurity M&A Roundup: 30 Deals Announced in November 2025
Thirty cybersecurity-related merger and acquisition (M&A) deals were announced by companies in November 2025.
November 27, 2025 08:00 AM
ShadowV2 Botnet Exploited AWS Outage Timeline To Test Global IoT Attacks
Cybersecurity researchers at Fortinet's FortiGuard Labs have identified a new Mirai-based botnet, dubbed 'ShadowV2,' which appears to have...
November 27, 2025 08:00 AM
Hackers Exploit IoT Vulnerabilities to Deploy New ShadowV2 Malware
Cybersecurity researchers have uncovered a concerted campaign where hackers are actively exploiting vulnerabilities in Internet of Things...
November 24, 2025 08:00 AM
⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
Fortinet exploit, Chrome 0-Day, BadIIS malware, SaaS breach, and record DDoS — plus 15+ top stories shaping this week in cybersecurity.
November 21, 2025 08:00 AM
Cybersecurity News: Sturnus captures encrypted chats, PowerSchool schools blamed, SEC security bill
Cybersecurity researchers at the Dutch mobile security company ThreatFabric are warning of this new trojan that enables credential theft and...
November 13, 2025 08:00 AM
Disrupting the first reported AI-orchestrated cyber espionage campaign
We recently argued that an inflection point had been reached in cybersecurity: a point at which AI models had become genuinely useful for...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
D-Link CyberSecurity History Information
Official Website of D-Link
The official website of D-Link is https://www.dlink.com.
D-Link’s AI-Generated Cybersecurity Score
According to Rankiteo, D-Link’s AI-generated cybersecurity score is 703, reflecting their Moderate security posture.
How many security badges does D-Link’ have ?
According to Rankiteo, D-Link currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has D-Link been affected by any supply chain cyber incidents ?
According to Rankiteo, D-Link has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does D-Link have SOC 2 Type 1 certification ?
According to Rankiteo, D-Link is not certified under SOC 2 Type 1.
Does D-Link have SOC 2 Type 2 certification ?
According to Rankiteo, D-Link does not hold a SOC 2 Type 2 certification.
Does D-Link comply with GDPR ?
According to Rankiteo, D-Link is not listed as GDPR compliant.
Does D-Link have PCI DSS certification ?
According to Rankiteo, D-Link does not currently maintain PCI DSS compliance.
Does D-Link comply with HIPAA ?
According to Rankiteo, D-Link is not compliant with HIPAA regulations.
Does D-Link have ISO 27001 certification ?
According to Rankiteo,D-Link is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of D-Link
D-Link operates primarily in the Information Technology & Services industry.
Number of Employees at D-Link
D-Link employs approximately 528 people worldwide.
Subsidiaries Owned by D-Link
D-Link presently has no subsidiaries across any sectors.
D-Link’s LinkedIn Followers
D-Link’s official LinkedIn profile has approximately 12,466 followers.
NAICS Classification of D-Link
D-Link is classified under the NAICS code None, which corresponds to Others.
D-Link’s Presence on Crunchbase
No, D-Link does not have a profile on Crunchbase.
D-Link’s Presence on LinkedIn
Yes, D-Link maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/dlink-corp.
Cybersecurity Incidents Involving D-Link
As of January 21, 2026, Rankiteo reports that D-Link has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
D-Link has an estimated 10,439 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at D-Link ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Vulnerability.
How does D-Link detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with trend micro, and remediation measures with apply firmware update, limit web-ui access, flag unusually long language posts, and remediation measures with d-link strongly recommends discontinuing use of eol hardware, and containment measures with factory resets, containment measures with unique administrative passwords, containment measures with manual dns configuration using trusted providers, and remediation measures with official firmware patches from regional carriers, remediation measures with manual dns configuration, and communication strategy with public advisories via google news, linkedin, and x..
Incident Details
Can you provide details on each incident ?
Title: D-Link Data Breach
Description: Global networking equipment and technology company D-Link revealed a breach after stolen data was offered for sale on the Breach Forums platform by a threat actor.
Type: Data Breach
Motivation: Financial Gain
Title: Critical Stack-Based Buffer Overflow in D-Link DIR-825 Rev.B 2.10 Firmware
Description: A critical stack-based buffer overflow in the D-Link DIR-825 Rev.B 2.10 router firmware allows unauthenticated, zero-click remote attackers to crash the device’s HTTP server. The flaw resides in the router’s httpd binary and stems from improper handling of the language parameter in the switch_language.cgi endpoint.
Type: Vulnerability
Attack Vector: Unauthenticated, zero-click remote attack
Vulnerability Exploited: CVE-2025-7206
Motivation: Denial-of-Service (DoS)
Title: Exploitation of CVE-2022-37055 in D-Link Go-RT-AC750 Routers
Description: A three-year-old buffer overflow vulnerability (CVE-2022-37055) in D-Link Go-RT-AC750 routers has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog. The product has reached end of life (EoL) and is no longer supported by D-Link, making it a persistent security risk.
Type: Vulnerability Exploitation
Attack Vector: Buffer Overflow
Vulnerability Exploited: CVE-2022-37055
Title: D-Link Router Unauthenticated Command Injection and DNS Hijacking Vulnerabilities
Description: D-Link has confirmed unauthenticated command injection vulnerabilities affecting multiple router models deployed internationally. Active exploitation campaigns using DNS hijacking have been documented since late 2016, with threat actors continuing malicious activities through 2019 and beyond. The vulnerabilities allow attackers to change Domain Name Server settings without authentication, redirecting user traffic to malicious infrastructure.
Date Detected: 2016-12-01
Type: DNS Hijacking
Attack Vector: Unauthenticated web interface
Vulnerability Exploited: Lack of input validation in web configuration interfacesUnauthenticated DNS modification
Motivation: Malware distributionTraffic interceptionPhishing
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through switch_language.cgi endpoint and Unauthenticated web interface.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach DLI1117101123
Data Compromised: Source code for d-link's d-view network management software, 3 million lines of personal data
Incident : Vulnerability DLI331071125
Systems Affected: D-Link DIR-825 Rev.B 2.10 router firmware
Operational Impact: Disrupts VPNs, guest Wi-Fi, and IoT device management
Incident : Vulnerability Exploitation DLI1765260054
Systems Affected: D-Link Go-RT-AC750 routers
Brand Reputation Impact: Potential negative impact due to unsupported EoL hardware
Incident : DNS Hijacking DLI1767786327
Systems Affected: Multiple D-Link router models
Operational Impact: Traffic redirection to malicious infrastructure
Brand Reputation Impact: Significant risk due to persistent control over compromised routers
Identity Theft Risk: High due to traffic interception
Payment Information Risk: High due to traffic interception
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Source Code, Personal Data, and User traffic data.
Which entities were affected by each incident ?
Incident : Data Breach DLI1117101123
Entity Name: D-Link
Entity Type: Company
Industry: Networking Equipment and Technology
Incident : Vulnerability DLI331071125
Entity Name: D-Link
Entity Type: Company
Industry: Networking Equipment
Incident : Vulnerability Exploitation DLI1765260054
Entity Name: D-Link
Entity Type: Technology Manufacturer
Industry: Networking Hardware
Incident : DNS Hijacking DLI1767786327
Entity Name: D-Link
Entity Type: Technology Manufacturer
Industry: Networking Hardware
Location: International
Customers Affected: Home users and enterprise networks across multiple continents
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach DLI1117101123
Third Party Assistance: Trend Micro.
Incident : Vulnerability DLI331071125
Remediation Measures: Apply firmware update, limit web-UI access, flag unusually long language posts
Incident : Vulnerability Exploitation DLI1765260054
Remediation Measures: D-Link strongly recommends discontinuing use of EoL hardware
Incident : DNS Hijacking DLI1767786327
Containment Measures: Factory resetsUnique administrative passwordsManual DNS configuration using trusted providers
Remediation Measures: Official firmware patches from regional carriersManual DNS configuration
Communication Strategy: Public advisories via Google News, LinkedIn, and X
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Trend Micro, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach DLI1117101123
Type of Data Compromised: Source code, Personal data
Number of Records Exposed: 3 million lines of personal data
Personally Identifiable Information: NamesEmailsAddressesPhone numbersFirmsDates of registrationMost recent times a user signed in
Incident : DNS Hijacking DLI1767786327
Type of Data Compromised: User traffic data
Sensitivity of Data: High (traffic interception)
Personally Identifiable Information: Potentially exposed due to traffic interception
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Apply firmware update, limit web-UI access, flag unusually long language posts, D-Link strongly recommends discontinuing use of EoL hardware, Official firmware patches from regional carriers, Manual DNS configuration, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by factory resets, unique administrative passwords, manual dns configuration using trusted providers and .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Vulnerability Exploitation DLI1765260054
Regulatory Notifications: Added to CISA's Known Exploited Vulnerabilities (KEV) Catalog
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Vulnerability DLI331071125
Lessons Learned: Enforce strict input validation, ensure proper bounds checking, monitor for anomalous HTTP POST requests
Incident : Vulnerability Exploitation DLI1765260054
Lessons Learned: Using end-of-life (EoL) network hardware poses significant security risks due to lack of vendor support and patches.
Incident : DNS Hijacking DLI1767786327
Lessons Learned: Importance of input validation in web interfaces and secure DNS configuration to prevent hijacking.
What recommendations were made to prevent future incidents ?
Incident : Vulnerability DLI331071125
Recommendations: Apply firmware update, limit web-UI access, flag unusually long language posts
Incident : Vulnerability Exploitation DLI1765260054
Recommendations: Discontinue use of EoL hardware and replace with supported devices. Monitor CISA's KEV Catalog for active threats.
Incident : DNS Hijacking DLI1767786327
Recommendations: Perform factory resets on affected routers, Establish unique administrative passwords, Manually configure DNS settings using trusted providers (e.g., Google DNS or Cloudflare DNS), Contact regional carriers for official firmware patches, Monitor for ongoing exploitation campaignsPerform factory resets on affected routers, Establish unique administrative passwords, Manually configure DNS settings using trusted providers (e.g., Google DNS or Cloudflare DNS), Contact regional carriers for official firmware patches, Monitor for ongoing exploitation campaignsPerform factory resets on affected routers, Establish unique administrative passwords, Manually configure DNS settings using trusted providers (e.g., Google DNS or Cloudflare DNS), Contact regional carriers for official firmware patches, Monitor for ongoing exploitation campaignsPerform factory resets on affected routers, Establish unique administrative passwords, Manually configure DNS settings using trusted providers (e.g., Google DNS or Cloudflare DNS), Contact regional carriers for official firmware patches, Monitor for ongoing exploitation campaignsPerform factory resets on affected routers, Establish unique administrative passwords, Manually configure DNS settings using trusted providers (e.g., Google DNS or Cloudflare DNS), Contact regional carriers for official firmware patches, Monitor for ongoing exploitation campaigns
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Enforce strict input validation, ensure proper bounds checking, monitor for anomalous HTTP POST requestsUsing end-of-life (EoL) network hardware poses significant security risks due to lack of vendor support and patches.Importance of input validation in web interfaces and secure DNS configuration to prevent hijacking.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Apply firmware update, limit web-UI access, flag unusually long language posts and Discontinue use of EoL hardware and replace with supported devices. Monitor CISA's KEV Catalog for active threats..
References
Where can I find more information about each incident ?
Incident : Vulnerability DLI331071125
Source: Security Researcher iC0rner
Incident : Vulnerability Exploitation DLI1765260054
Source: CISA Known Exploited Vulnerabilities (KEV) Catalog
Incident : DNS Hijacking DLI1767786327
Source: Exploit-DB
Incident : DNS Hijacking DLI1767786327
Source: Exploit-DB
Incident : DNS Hijacking DLI1767786327
Source: Exploit-DB
Incident : DNS Hijacking DLI1767786327
Source: Exploit-DB
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Security Researcher iC0rner, and Source: CISA Known Exploited Vulnerabilities (KEV) Catalog, and Source: Exploit-DBUrl: https://www.exploit-db.com/exploits/35917, and Source: Exploit-DBUrl: https://www.exploit-db.com/exploits/42197, and Source: Exploit-DBUrl: https://www.exploit-db.com/exploits/37237, and Source: Exploit-DBUrl: https://www.exploit-db.com/exploits/37241.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : DNS Hijacking DLI1767786327
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public advisories via Google News, LinkedIn and and X.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Vulnerability Exploitation DLI1765260054
Customer Advisories: D-Link recommends discontinuing use of EoL Go-RT-AC750 routers due to security risks.
Incident : DNS Hijacking DLI1767786327
Stakeholder Advisories: Follow D-Link on Google News, LinkedIn, and X for updates.
Customer Advisories: Perform factory resets, establish unique administrative passwords, and manually configure DNS settings using trusted providers. Contact regional carriers for firmware patches.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were D-Link recommends discontinuing use of EoL Go-RT-AC750 routers due to security risks., Follow D-Link on Google News, LinkedIn, and X for updates., Perform factory resets, establish unique administrative passwords and and manually configure DNS settings using trusted providers. Contact regional carriers for firmware patches..
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Vulnerability DLI331071125
Entry Point: switch_language.cgi endpoint
Incident : DNS Hijacking DLI1767786327
Entry Point: Unauthenticated web interface
Backdoors Established: DNS configuration modification
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Vulnerability DLI331071125
Root Causes: Improper handling of the language parameter in the switch_language.cgi endpoint
Corrective Actions: Apply firmware update, limit web-UI access, flag unusually long language posts
Incident : Vulnerability Exploitation DLI1765260054
Root Causes: Use of unsupported EoL hardware with unpatched vulnerabilities
Corrective Actions: Replace EoL devices with supported alternatives
Incident : DNS Hijacking DLI1767786327
Root Causes: Lack Of Input Validation In Web Configuration Interfaces, Unauthenticated Access To Critical Network Settings,
Corrective Actions: Firmware Patches, Secure Dns Configuration, Enhanced Input Validation,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Trend Micro, .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Apply firmware update, limit web-UI access, flag unusually long language posts, Replace EoL devices with supported alternatives, Firmware Patches, Secure Dns Configuration, Enhanced Input Validation, .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2016-12-01.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Source code for D-Link's D-View network management software, 3 million lines of personal data and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was trend micro, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Factory resetsUnique administrative passwordsManual DNS configuration using trusted providers.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Source code for D-Link's D-View network management software and 3 million lines of personal data.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 3.0M.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Enforce strict input validation, ensure proper bounds checking, monitor for anomalous HTTP POST requests, Using end-of-life (EoL) network hardware poses significant security risks due to lack of vendor support and patches., Importance of input validation in web interfaces and secure DNS configuration to prevent hijacking.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Perform factory resets on affected routers, Apply firmware update, limit web-UI access, flag unusually long language posts, Establish unique administrative passwords, Monitor for ongoing exploitation campaigns, Discontinue use of EoL hardware and replace with supported devices. Monitor CISA's KEV Catalog for active threats., Contact regional carriers for official firmware patches, Manually configure DNS settings using trusted providers (e.g. and Google DNS or Cloudflare DNS).
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are CISA Known Exploited Vulnerabilities (KEV) Catalog, Security Researcher iC0rner and Exploit-DB.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.exploit-db.com/exploits/35917, https://www.exploit-db.com/exploits/42197, https://www.exploit-db.com/exploits/37237, https://www.exploit-db.com/exploits/37241 .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Follow D-Link on Google News, LinkedIn, and X for updates., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an D-Link recommends discontinuing use of EoL Go-RT-AC750 routers due to security risks., Perform factory resets, establish unique administrative passwords and and manually configure DNS settings using trusted providers. Contact regional carriers for firmware patches.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Unauthenticated web interface and switch_language.cgi endpoint.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Improper handling of the language parameter in the switch_language.cgi endpoint, Use of unsupported EoL hardware with unpatched vulnerabilities, Lack of input validation in web configuration interfacesUnauthenticated access to critical network settings.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Apply firmware update, limit web-UI access, flag unusually long language posts, Replace EoL devices with supported alternatives, Firmware patchesSecure DNS configurationEnhanced input validation.
.png)
Latest Global CVEs (Not Company-Specific)
Description
SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler. Root causeThe commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution. ImpactThis vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to: * Run any shell command. * Exfiltrate environment variables. * Compromise the CI runner to install backdoors or modify build artifacts. Credits Disclosed responsibly by kny4hacker. Mitigation * Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher. * Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher. * Users on Wrangler v2 (EOL) should upgrade to a supported major version.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).
Risk Information
cvss3
Base: 8.1
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=dlink-corp' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
