Cybersecurity Risks: Implications of Utilizing End of Life (EOL) and End of Support (EOS) Network Equipment

Information: 

   D-Link is a leading networking equipment manufacturer from Taiwan, founded in 1986. It is well-known for producing cost-effective and user-friendly devices, offering everything from Wi-Fi routers and smart home systems for everyday consumers to network switches for small and medium-sized businesses (SMBs). However, because these devices are so widely used globally, older end-of-life (EOL) models that no longer receive firmware updates frequently become targets for cyberattacks. Therefore, it is highly recommended that users regularly check and update their security systems or upgrade to newer devices to ensure maximum security.

Incident:

  The vulnerability in the D-Link DSL-2750B router was disclosed in 2016 and began impacting users at that time. This weakness allowed hackers to remotely execute malicious commands on the device (command injection) without needing a login password. Because it was so easy to exploit, hackers could write automated scripts to scan for and attack routers in homes and organizations that had not yet updated their security systems.

  Since then, this vulnerability has become a key tool for botnet malware networks (such as the Mirai family) to seize control of routers and use them as a base for launching DDoS attacks, causing network outages. Even after several years, attacks exploiting this vulnerability continue to occur on older, end-of-life devices.

  The severity of this vulnerability led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) catalog and to direct the agencies under its purview to immediately remove or deactivate all at-risk routers from their systems, as hackers continue to actively exploit this vulnerability to this day.

Recommendation:

  1. Hardware Replacement: Since this D-Link router model is in End-of-Life (EOL) status and will no longer receive security updates, removing the device from the system and replacing it with a newer, supported model is the decisive solution.
  2. Mitigation & Segmentation: If immediate replacement is not possible, disable WAN Remote Management so the management interface is not reachable from the internet. Isolate the vulnerable device on its own network segment, away from the main servers.
  3. Monitoring & Analysis: Use a SIEM system. Monitor incoming logs, focusing on HTTP requests to login.cgi with malicious cli parameters, and also monitor outgoing traffic for connections to C2 servers, which may indicate the device has been recruited into a botnet.
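As an added example (not code from the original advisory), the following Python script implements the log check from recommendation 3: it parses web-server access-log lines in the common Apache/nginx combined format and flags requests to login.cgi whose cli parameter carries shell metacharacters, including double-encoded ones. The log format and the sample lines (RFC 5737 documentation addresses) are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format (Apache/nginx): client ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Shell metacharacters that never belong in a legitimate router CLI argument
SHELL_META = re.compile(r'[;|&`\n]|\$\(')

def parse_line(line):
    """Split one access-log line into fields; return None for unparseable lines."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def suspicious_cli(path):
    """Return the decoded cli value if a login.cgi request looks like injection, else None."""
    url = urlsplit(path)
    if not url.path.endswith("/login.cgi"):
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get("cli", []):
        decoded = unquote(value)  # second decode catches double-encoded payloads
        if SHELL_META.search(decoded):
            return decoded
    return None

def scan_log(lines):
    """Return (client_ip, timestamp, decoded_cli) for every flagged request."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        bad = suspicious_cli(rec["path"])
        if bad is not None:
            hits.append((rec["ip"], rec["ts"], bad))
    return hits

# Constructed sample log lines (documentation addresses), not real traffic
SAMPLE_LOG = [
    '203.0.113.5 - - [20/May/2026:10:01:02 +0700] "GET /login.cgi?cli=status HTTP/1.1" 200 512',
    '203.0.113.9 - - [20/May/2026:10:01:07 +0700] "GET /login.cgi?cli=aaa%3Bid%3B HTTP/1.1" 200 71',
    '198.51.100.7 - - [20/May/2026:10:02:11 +0700] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.9 - - [20/May/2026:10:02:30 +0700] "POST /login.cgi?cli=%2524%2528id%2529 HTTP/1.1" 200 70',
]
if __name__ == "__main__":
    for ip, ts, cli in scan_log(SAMPLE_LOG):
        print(f"ALERT {ts} {ip} login.cgi cli={cli!r}")
```

The same rule can be loaded into a SIEM as a regex on the decoded query string; the double-decode step is what keeps percent-encoded variants from slipping past it.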

The important thing is security. We must stay vigilant and monitor as usual.
For more information, please contact:
Email: sales@inetms.co.th
065 149 2822 (Ms.Suphatson )
063 204 4534 (Ms.Atsamaphorn)
065 929 6330 (Ms.Kansinee)
092 257 6902 (Ms.Narusorn)
063 197 7510 (Mr.Yanotai)
065 725 7405 (Ms.Nattharini)
065 725 7405 (Ms.Donraya)

References:

Weekly Interesting CVE

  1. CVE-2026-4113
     Published Date: 4/9/2026
     Last Update: 14/05/2026
     Device/Application/OS Target: SMA1000 12.4.3-03245 and earlier versions; SMA1000 12.5.0-02283 and earlier versions
     Attack Type: Credential Enumeration
     CVSS Severity Rating: 7.2
     Detail: An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
     Solution: SMA1000 12.4.3-03387 and higher versions; SMA1000 12.5.0-02624 and higher versions
     Reference: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003

  2. CVE-2026-30901
     Published Date: 11/3/2026
     Last Update: 14/05/2026
     Device/Application/OS Target: Zoom Rooms for Windows before 6.6.5
     Attack Type: Improper Input Validation
     CVSS Severity Rating: 7
     Detail: Improper input validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.
     Solution: Update the application to version 6.6.5.6792 or later.
     Reference: https://www.sentinelone.com/vulnerability-database/cve-2026-30901/

  3. CVE-2026-8585
     Published Date: 14/5/2026
     Last Update: 15/5/2026
     Device/Application/OS Target: Chrome on iOS prior to 148.0.7778.168
     Attack Type: Out-of-Bounds Memory Read
     CVSS Severity Rating: 7.5
     Detail: Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out-of-bounds memory read via a crafted HTML page.
     Solution: Upgrade to version 148.0.7778.168.
     Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-8585

  4. CVE-2025-53844
     Published Date: 12/5/2026
     Last Update: 15/5/2026
     Device/Application/OS Target: Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11
     Attack Type: Out-of-bounds Write
     CVSS Severity Rating: 8.8
     Detail: An out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8 and FortiOS 7.2.0 through 7.2.11 allows an attacker to execute unauthorized code or commands via specially crafted packets.
     Solution: Update to Fortinet FortiOS 7.6.4, FortiOS 7.4.9 or FortiOS 7.2.12.
     Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-53844

  5. CVE-2026-8305
     Published Date: 11/5/2026
     Last Update: 15/5/2026
     Device/Application/OS Target: OpenClaw up to 2026.1.24
     Attack Type: Improper Authentication
     CVSS Severity Rating: 7.3
     Detail: A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the bluebubbles Webhook component. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The exploit is now public and may be used.
     Solution: Upgrade to version 2026.2.12.
     Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-8305


Malware News or Campaign IOC/IOA | EN

  1. Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
     Detection Date: 17/05/2026
     Attack Type: Source Code Theft, Supply Chain Attack, Compromised GitHub Token
     Description: Grafana Labs was hacked after a company GitHub token was leaked. This allowed hackers to log in to the internal GitHub as legitimate employees and download parts of the company's source code. The attack is believed to have begun with the theft of the GitHub token via phishing, malware, or a token leaked from a developer's machine. The hackers then used the token to authenticate to GitHub and accessed internal repositories to clone source code and search for sensitive information such as configuration files, internal documentation, and secrets. This stolen data was then used as leverage to demand a ransom.
     Mitigation/Remediation:
       • Change all associated credentials, secrets, and API keys.
       • Provide awareness training to employees.
       • Enable MFA and restrict access.
     Ref: https://thehackernews.com/2026/05/grafana-github-token-breach-led-to.html


27 May 2026