The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities, found in some D-Link routers, to its database of Known Exploited Vulnerabilities (KEV), meaning it has evidence of in-the-wild abuse.
The two vulnerabilities are tracked as CVE-20214-100005, and CVE-2021-40655. The former is a cross-site request forgery (CSRF) flaw, found in D-Link DIR-600 routers, while the latter is an information disclosure flaw found in D-Link DIR-605 routers. The former allows threat actors to change router configurations, while the latter enables login credential theft.
CISA did not detail exactly who, or how, is exploiting these vulnerabilities in the wild, but did give federal agencies a deadline of June 6, 2024, to address the issue.
Patches available
The best way to fix the flaws is by patching the compromised devices. The cross-site request forgery vulnerability has been around for almost a decade, as it was first reported back in 2015. It is also worth mentioning that the D-Link DIR-600 devices, vulnerable to this flaw, have reached their end-of-life status, and as such no longer receive updates or security patches.
Any new vulnerabilities found in these endpoints will remain unaddressed, so the safest thing to do at this point would be to just replace them with newer models that are still receiving vendor updates and security patches.
The CSRF flaw is no game, either. It is labeled “critical”, and essentially allows threat actors to remotely hijack the authentication of administrators for requests that either create an administrator account or enable remote management via a crafted configuration module. Furthermore, attackers can use the flaw to activate new configuration settings, or send a ping via a ping action to diagnostic.php.
CVE-2021-40655, on the other hand, while allowing attackers to obtain some login credentials, has been labeled as “problematic”.
Via The Hacker News
More from TechRadar Pro
- Thousands of D-Link NAS devices have serious backdoor security issues
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now