CISA Issues Urgent Alert: Secure Your D-Link Routers (CVE-2021-40655, CVE-2014-100005)


In a recent development, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised an urgent alarm regarding two critical security vulnerabilities affecting D-Link routers. These vulnerabilities, tracked as CVE-2014-100005 and CVE-2021-40655, have been identified as actively exploited, posing significant risks to users’ security.

The first vulnerability, CVE-2014-100005, is a cross-site request forgery (CSRF) flaw impacting D-Link DIR-600 routers. This vulnerability enables attackers to manipulate router configurations by abusing an existing, still-authenticated administrator session (the victim’s browser submits the forged request on the attacker’s behalf), potentially leading to unauthorized access and control.

The second vulnerability, CVE-2021-40655, is an information disclosure flaw affecting D-Link DIR-605 routers. Exploiting this vulnerability allows malicious actors to acquire usernames and passwords by forging HTTP POST requests to the vulnerable router’s configuration page.

While specific details about the exploitation methods remain undisclosed, CISA’s advisory directs federal agencies to apply vendor-provided patches and mitigations by June 6, 2024, and all other users are urged to do the same to safeguard against potential attacks.

It’s crucial to highlight that CVE-2014-100005 impacts legacy D-Link products that have reached their end-of-life (EoL) phase and will not receive a fix. Organizations still using these devices are strongly advised to retire them and transition to supported, more secure alternatives to mitigate the associated risks.

In a related development, the SSD Secure Disclosure team has uncovered unpatched security vulnerabilities in DIR-X4860 routers, further amplifying concerns about D-Link’s router security posture. These vulnerabilities could potentially allow remote, unauthenticated attackers to exploit the HNAP (Home Network Administration Protocol) port, gaining elevated privileges and executing commands with root access.

The gravity of the situation is underscored by the availability of a proof-of-concept (PoC) exploit, which exploits authentication bypass and command execution vulnerabilities within affected routers. D-Link has acknowledged these issues, with a fix currently in development to address the identified flaws.

Meanwhile, in another realm of cybersecurity, researchers have disclosed a new vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM), marked as CVE-2024-22026. This vulnerability, with a CVSS score of 6.7, empowers authenticated local users to bypass shell restrictions and execute arbitrary commands on the affected appliance.


According to Bryan Smith of Redline Cyber Security, the vulnerability exploits inadequacies in EPMM’s command-line interface, allowing the installation of arbitrary RPM packages from remote URLs without proper authentication or validation.

In addition to CVE-2024-22026, Ivanti has also addressed two SQL injection vulnerabilities (CVE-2023-46806 and CVE-2023-46807) in EPMM, both carrying a CVSS score of 6.7. These flaws, if exploited, could grant authenticated users with appropriate privileges unauthorized access to and modification of the underlying database.

Although there is currently no evidence of exploitation in the wild, users are strongly advised to update their Ivanti EPMM installations to the latest version (12.1.0.0) to mitigate potential security risks effectively.

In conclusion, timely action is paramount in addressing these critical vulnerabilities. By applying patches, updates, and recommended mitigations, users can fortify their systems against emerging cyber threats and ensure the resilience of their network infrastructure. Stay informed, stay protected.
