The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities found in some D-Link routers to its database of known exploited vulnerabilities (KEV). This means there is evidence of actual abuse.
The two vulnerabilities are tracked as CVE-2014-100005 and CVE-2021-40655. The former is a cross-site request forgery (CSRF) flaw in the D-Link DIR-600 router, and the latter is an information disclosure flaw in the D-Link DIR-605 router. The CSRF flaw allows attackers to change router settings, while the information disclosure flaw allows attackers to steal login credentials.
CISA did not provide details about who is actually exploiting these vulnerabilities or how, but it gave federal agencies a June 6, 2024 deadline to address the issue.
Patches available
The best way to fix the flaw is to patch the affected device. The cross-site request forgery vulnerability has been around for almost a decade, having first been reported in 2015. It is also worth mentioning that the D-Link DIR-600, the device vulnerable to this flaw, has reached end-of-life status, which means it no longer receives updates or security patches.
Any new vulnerabilities found in these devices will remain unaddressed, so the safest course of action is to replace them with newer models that still receive vendor updates and security patches.
The CSRF flaw is no minor matter either. It is labeled “critical” and essentially allows an attacker to hijack authentication remotely: by forging requests, an attacker can create an administrator account or enable remote management through a crafted configuration module. Additionally, an attacker could leverage this flaw to enable new configuration settings or trigger pings through the ping action in Diagnostic.php.
CVE-2021-40655, on the other hand, is classified as “questionable” severity, even though it allows attackers to obtain login credentials.
Via Hacker News