TechRadar
Sead Fadilpašić

US government warns of D-Link router security flaws — patch now or potentially pay the price

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities, found in some D-Link routers, to its database of Known Exploited Vulnerabilities (KEV), meaning it has evidence of in-the-wild abuse.

The two vulnerabilities are tracked as CVE-2014-100005 and CVE-2021-40655. The former is a cross-site request forgery (CSRF) flaw found in D-Link DIR-600 routers, while the latter is an information disclosure flaw found in D-Link DIR-605 routers. The CSRF flaw allows threat actors to change router configurations, while the information disclosure flaw enables the theft of login credentials.

CISA did not detail who is exploiting these vulnerabilities in the wild, or how, but it did give federal agencies a deadline of June 6, 2024, to address the issue.

Patches available

The best way to fix the flaws is by patching the affected devices. The cross-site request forgery vulnerability has been around for almost a decade, as it was first reported back in 2015. It is also worth mentioning that the D-Link DIR-600 devices vulnerable to this flaw have reached end of life, and as such no longer receive updates or security patches.

Any new vulnerabilities found in these devices will remain unaddressed, so the safest option at this point is to replace them with newer models that still receive vendor updates and security patches.
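The patch-versus-replace decision above is easy to automate against CISA's KEV catalog. The following Python routine is an added example, not code from TechRadar, CISA or D-Link: the KEV records and the device inventory are constructed samples, the KEV field names (cveID, vendorProject, product, dueDate) are assumed to mirror the public JSON feed, and the matching rule (vendor equality plus model substring) is a simplification.

```python
"""Triage a router inventory against KEV entries: patch by the due date, or replace if end-of-life."""
from dataclasses import dataclass
from datetime import date

# Constructed sample records in the assumed shape of CISA's KEV JSON feed.
# CVE IDs and the June 6, 2024 due date come from the article; nothing else is real data.
KEV_SAMPLE = [
    {"cveID": "CVE-2014-100005", "vendorProject": "D-Link", "product": "DIR-600 Router", "dueDate": "2024-06-06"},
    {"cveID": "CVE-2021-40655", "vendorProject": "D-Link", "product": "DIR-605 Router", "dueDate": "2024-06-06"},
]

@dataclass
class Device:
    hostname: str
    vendor: str
    model: str
    end_of_life: bool  # True when the vendor no longer ships firmware updates

# Constructed inventory: one EOL DIR-600, one supported DIR-605, one unrelated device.
SAMPLE_DEVICES = [
    Device("gw-branch-1", "D-Link", "DIR-600", end_of_life=True),
    Device("gw-branch-2", "D-Link", "DIR-605", end_of_life=False),
    Device("gw-branch-3", "ExampleVendor", "X1000", end_of_life=False),
]

def matches(entry: dict, device: Device) -> bool:
    """Case-insensitive vendor match, then the model must appear in the KEV product string."""
    return (entry["vendorProject"].lower() == device.vendor.lower()
            and device.model.lower() in entry["product"].lower())

def triage(devices: list, kev: list, today: date) -> dict:
    """Map hostname -> list of (cveID, action, days_until_due) for every KEV hit.

    Actions: 'replace' for EOL hardware (no patch will ever ship),
    'patch-overdue' once the KEV due date has passed, otherwise 'patch'.
    """
    findings: dict = {}
    for dev in devices:
        for entry in kev:
            if not matches(entry, dev):
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            action = "replace" if dev.end_of_life else ("patch-overdue" if days_left < 0 else "patch")
            findings.setdefault(dev.hostname, []).append((entry["cveID"], action, days_left))
    return findings

def run_sample(today_iso: str = "2024-05-20") -> dict:
    """Run the triage over the constructed inventory for a given (constructed) date."""
    return triage(SAMPLE_DEVICES, KEV_SAMPLE, date.fromisoformat(today_iso))

if __name__ == "__main__":
    for host, hits in run_sample().items():
        print(host, hits)
```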

The CSRF flaw is no game, either. It is labeled “critical”, and essentially allows threat actors to remotely hijack the authentication of administrators for requests that either create an administrator account or enable remote management via a crafted configuration module. Furthermore, attackers can use the flaw to activate new configuration settings, or send a ping via a ping action to diagnostic.php.

CVE-2021-40655, on the other hand, while allowing attackers to obtain some login credentials, has been labeled as “problematic”.

Via The Hacker News
