
CISA warns of D-Link router vulnerability exploitation

A D-Link issue and an Array OS vulnerability have been added to the US cyber agency’s list of known exploited vulnerabilities.


A pair of vulnerabilities – one old, and one new – has been added to the United States Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog.

CVE-2022-37055 is a three-year-old buffer overflow vulnerability in D-Link Go-RT-AC750 routers, which is a sticky one, as the product has reached “end of life” (EoL) and is no longer supported by D-Link.

The company’s own security announcement regarding the vulnerability outlined the dangers of using EoL network hardware, and with hackers now on the warpath, it makes for timely reading.


“D-Link strongly recommends that this product be retired and cautions that any further use of this product may be a risk to devices connected to it,” D-Link said.

“If US consumers continue to use these devices against D-Link’s recommendation, please make sure the device has the most recent firmware, make sure you frequently update the device’s unique password to access its web-configuration, and always have WIFI encryption enabled with a unique password.”

Cyber security company Fortinet also outlined the dangers of CVE-2022-37055 in a blog post earlier this year.

“Buffer overflow vulnerabilities like CVE-2022-37055 are particularly severe because they enable attackers to overwrite memory beyond its allocated limits, potentially injecting and executing malicious code on the affected device,” Fortinet said in a 31 January post.

“This can grant unauthorised control to attackers, allowing them to manipulate device settings, intercept sensitive data, or use the compromised device as a foothold for further attacks.”

That is probably exactly what’s happening right now.

CVE-2025-66644, on the other hand, was only disclosed this month, on 5 December, but has sadly already made the cut for CISA’s KEV catalogue. This is a command injection vulnerability in Array Networks ArrayOS AG VPN devices, and according to an advisory from Japan’s Computer Emergency and Response Team (JPCERT), hackers have been exploiting it from August through December.

“The DesktopDirect function of the Array AG series provided by Array Networks contains a command injection vulnerability. An attacker exploiting this vulnerability could execute arbitrary commands,” JPCERT said in an alert published on 5 December.

“Array Networks released a version that addresses this vulnerability in May 2025. However, JPCERT/CC has confirmed that attacks exploiting this vulnerability have occurred in Japan since August 2025, resulting in damage such as the installation of webshells on affected products.”

The vulnerability is present in devices running versions of ArrayOS earlier than release 9.4.5.9.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
