The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities, found in some D-Link routers, to its Known Exploited Vulnerabilities (KEV) database, meaning it has evidence of abuse in the wild.
The two vulnerabilities are tracked as CVE-2014-100005 and CVE-2021-40655. The first is a Cross-Site Request Forgery (CSRF) flaw found on D-Link DIR-600 routers, while the second is an information disclosure flaw found on D-Link DIR-605 routers. The former allows threat actors to change router configurations, while the latter allows the theft of login credentials.
CISA did not detail exactly who is exploiting these vulnerabilities in the wild or how, but gave federal agencies a deadline of June 6, 2024 to address the issue.
Patches available
The best way to fix the flaws is to patch the affected devices. The cross-site request forgery vulnerability has existed for almost a decade, having first been reported in 2015. It is also worth mentioning that the D-Link DIR-600 devices vulnerable to this flaw have reached end-of-life status, and as such no longer receive updates or security patches.
Any new vulnerabilities found in these devices will remain unresolved, so the safest thing to do at this point would be to simply replace them with newer models that are still receiving updates and security patches from vendors.
The CSRF flaw is no joke either. It is labeled "critical" and essentially allows threat actors to remotely hijack administrators' authentication for requests that create an administrator account or enable remote administration via a crafted configuration module. Additionally, attackers can use the flaw to trigger new configuration settings or send a ping via a ping action to diagnostic.php.
CVE-2021-40655, on the other hand, although it allows attackers to obtain some login credentials, has only been labeled "problematic."
Via Hacker News