Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Zyxel | Multiple Firewalls

CVE-2022-30525

Zyxel Multiple Firewalls OS Command Injection Vulnerability: A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-16
Due Date: 2022-06-06

Additional Notes

D-Link | DNS-320 Storage Device

CVE-2019-16057

D-Link DNS-320 Remote Code Execution Vulnerability: The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

D-Link | Multiple Routers

CVE-2021-45382

D-Link Multiple Routers Remote Code Execution Vulnerability: A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-04
Due Date: 2022-04-25

Additional Notes

D-Link | DIR-610 Devices

CVE-2020-9377

D-Link DIR-610 Devices Remote Command Execution: D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Zyxel | Multiple Network-Attached Storage (NAS) Devices

CVE-2020-9054

Zyxel Multiple NAS Devices OS Command Injection Vulnerability: Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

D-Link | Multiple Routers

CVE-2019-16920

D-Link Multiple Routers Command Injection Vulnerability: Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

D-Link | DCS-930L Devices

CVE-2016-11021

D-Link DCS-930L Devices OS Command Injection Vulnerability: setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

D-Link | DSL-2760U

CVE-2013-5223

D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability: A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

D-Link | DIR-645 Router

CVE-2015-2051

D-Link DIR-645 Router Remote Code Execution Vulnerability: D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

D-Link | DNS-320 Device

CVE-2020-25506

D-Link DNS-320 Device Command Injection Vulnerability: D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Zyxel | Multiple Products

CVE-2020-29583

Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability: Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.

Related CWE: CWE-522

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

D-Link | DIR-825 R1 Devices

CVE-2020-29557

D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability: D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates