D-Link Router Flaws Are Being Actively Exploited; Update Immediately, Says CISA
Based on findings of active abuse, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security vulnerabilities affecting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog on Thursday.
The following vulnerabilities have been identified:
CVE-2014-100005: D-Link DIR-600 routers are susceptible to a cross-site request forgery (CSRF) flaw that permits an attacker to modify router configurations by commandeering an active administrator session.
CVE-2021-40655: An information disclosure vulnerability that affects D-Link DIR-605 routers and permits attackers to forge an HTTP POST request to the /getcfg.php page in order to obtain a username and password.
While specifics regarding the practical exploitation of these vulnerabilities are not yet available, federal agencies have been strongly encouraged to implement vendor-supplied countermeasures by June 6, 2024.
It is worth noting that CVE-2014-100005 affects legacy D-Link products that have reached end-of-life (EoL) status, so organizations that continue to use them need to retire and replace the devices.
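The following added example, which is not from the original article, CISA or D-Link, flags POST requests to /getcfg.php (the CVE-2021-40655 pattern described above) in web access logs. It assumes common-log-format records from a proxy or sensor that sees traffic to the router's management interface; the admin_hosts allowlist and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common/combined log format: client, timestamp, request line, status (assumed input).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
WATCHED_PATH = "/getcfg.php"  # page named in the CVE-2021-40655 description


def normalize_path(target: str) -> str:
    """Drop the query string, decode percent-escapes, collapse '//' and fold case."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()  # case folding over-matches on purpose


def find_getcfg_posts(lines, admin_hosts=frozenset()):
    """Return one finding per POST to /getcfg.php that did not come from an admin host."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalize_path(m["target"]) != WATCHED_PATH:
            continue
        if m["src"] in admin_hosts:
            continue  # hypothetical allowlist of known management workstations
        findings.append({"line": lineno, "src": m["src"], "ts": m["ts"],
                         "status": int(m["status"]),
                         "answered": m["status"].startswith("2")})
    return findings


# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/May/2024:09:12:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [17/May/2024:09:12:44 +0000] "POST /getcfg.php HTTP/1.1" 200 1840',
    '198.51.100.7 - - [17/May/2024:09:12:45 +0000] "POST /%67etcfg.php?x=1 HTTP/1.1" 200 1840',
    '192.0.2.10 - - [17/May/2024:09:13:02 +0000] "POST /getcfg.php HTTP/1.1" 200 1840',
    '203.0.113.5 - - [17/May/2024:09:14:30 +0000] "POST //GetCfg.php HTTP/1.1" 404 0',
    '203.0.113.5 - - [17/May/2024:09:15:00 +0000] "GET /getcfg.php HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for finding in find_getcfg_posts(SAMPLE_LOG, admin_hosts={"192.0.2.10"}):
        print(finding)
```

A finding with "answered" set to True means the device returned a 2xx response, so credentials on that router should be treated as exposed and rotated once the device is replaced or patched.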
The revelation of unpatched security vulnerabilities in DIR-X4860 routers by the SSD Secure Disclosure team coincides with this development. These vulnerabilities could allow remote, unauthenticated attackers to exploit the HNAP port to execute commands as the root user.
“The device can be completely compromised by combining an authentication bypass with command execution,” the report continued, adding that the vulnerabilities affect routers running firmware version DIRX4860A1_FWV1.04B03.
SSD Secure Disclosure has additionally disclosed a proof-of-concept (PoC) exploit that circumvents authentication safeguards and executes code by exploiting a command injection vulnerability through the use of a specially crafted HNAP login request to the router’s management interface.
Since then, D-Link has issued its own bulletin acknowledging the issue and stating that a remedy is “Pending Release/Under Development.” The vulnerability was characterized as an unauthenticated command execution weakness on the LAN side.
Ivanti addresses a number of Endpoint Manager Mobile (EPMM) vulnerabilities.
A PoC exploit for a newly discovered vulnerability in Ivanti EPMM (CVE-2024-22026, CVSS score: 6.7) has also been published by cybersecurity researchers. This exploit could enable an authenticated local user to circumvent shell restrictions and execute arbitrary commands on the appliance.
“This flaw enables a local intruder to obtain root access to the system by abusing the software update procedure with a malignant RPM package from a remote URL,” Bryan Smith of Redline Cyber Security explained.
The issue arises from a validation deficiency in the installation command of the EPMM command-line interface. This deficiency allows any RPM package to be downloaded from a user-supplied URL without its authenticity being verified.
CVE-2024-22026 affects all EPMM versions prior to 12.1.0.0. Two additional SQL injection vulnerabilities in the same product (CVE-2023-46806 and CVE-2023-46807, CVSS scores: 6.7) that could permit an authenticated user with the necessary permissions to access or modify data in the underlying database have been rectified by Ivanti.
Although no evidence suggests that these vulnerabilities have been exploited, it is recommended that users update to the most recent version in order to minimize potential hazards.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also writes frequently for Craw Security.