The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities found in some D-Link routers to its Known Exploited Vulnerabilities (KEV) database, meaning there is evidence of exploitation in the wild.
The two vulnerabilities are tracked as CVE-2014-100005 and CVE-2021-40655. The former is a cross-site request forgery (CSRF) flaw found in D-Link DIR-600 routers, while the latter is an information disclosure flaw found in D-Link DIR-605 routers. The former allows threat actors to change router configurations, while the latter allows for credential theft.
CISA did not detail who is exploiting these vulnerabilities in the wild or how, but it did give federal agencies a deadline of June 6, 2024 to address the problem.
Patches available
The best way to fix the flaws is to patch the affected devices. The cross-site request forgery vulnerability has been around for almost a decade, as it was first reported in 2015. It is also worth mentioning that the D-Link DIR-600 devices, which are vulnerable to this flaw, have reached end-of-life status and as such will no longer receive updates or security patches.
Any new vulnerabilities found in these endpoints will go unaddressed, so the safest thing to do at this point is to simply replace them with newer models that are still receiving vendor updates and security patches.
The CSRF flaw is also no joke. Labeled "critical," it essentially allows threat actors to remotely hijack administrator authentication for requests that either create an administrator account or enable remote management through a crafted configuration module. Additionally, attackers can use the flaw to trigger new configuration settings or send a ping to diagnostic.php.
CVE-2021-40655, on the other hand, does allow attackers to obtain credentials, but is labeled as “problematic”.
Via The Hacker News