The US Cybersecurity and Infrastructure Security Agency (CISA) has added a dozen security flaws to its Known exploited Vulnerabilities (KEV) catalog. The issues affect products from Google, D-Link, QNAP, Apple, MikroTik, Oracle, Fortinet, Netgear, and Android. All 12 vulnerabilities have mitigation deadlines of September 29, 2022.
- Note that the D-Link and Netgear updates relate to end-of-life products. Make sure you’re actively replacing and excessing them. While they still work, the flaws also still work, which does nobody a favor if pressed back into service. Make sure that you wipe the firmware prior to recycling/disposal.