Password theft and change of settings: new D-Link bugs found in the CISA catalog

CISA requires urgent action to protect critical infrastructure.

CISA has added two vulnerabilities in D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
  • The CSRF vulnerability CVE-2014-100005 affects D-Link DIR-600 routers and allows an attacker to change the router configuration by hijacking an existing administrator session.
  • The information disclosure vulnerability CVE-2021-40655 affects D-Link DIR-605 routers and allows an attacker to obtain a username and password by forging an HTTP POST request to the /getcfg.php page.
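A defender-side illustration of the second item, as an added example that is not part of the original post or of any D-Link or CISA material: a small scanner over web-server access logs that flags requests to /getcfg.php, treating a successful POST as the pattern described for CVE-2021-40655. The log lines are constructed for this example; the log format (Combined Log Format) and the field layout are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample access-log lines in Combined Log Format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [23/May/2024:10:01:02 +0000] "GET /index.htm HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
192.0.2.10 - - [23/May/2024:10:01:05 +0000] "POST /getcfg.php HTTP/1.1" 200 4096 "-" "curl/8.0"
192.0.2.11 - - [23/May/2024:10:02:00 +0000] "GET /getcfg.php?x=1 HTTP/1.1" 403 123 "-" "Mozilla/5.0"
192.0.2.12 - - [23/May/2024:10:03:30 +0000] "POST /login.cgi HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Minimal CLF parser: source address, timestamp, method, path and status code.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

WATCHED_PATH = "/getcfg.php"  # page named in the CVE-2021-40655 description


@dataclass
class Finding:
    src: str
    ts: str
    method: str
    status: int
    note: str


def scan_log(text: str) -> list[Finding]:
    """Return one Finding per request whose path is /getcfg.php."""
    findings: list[Finding] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse; do not silently trust the log
        path = m["path"].split("?", 1)[0]  # ignore any query string when matching
        if path != WATCHED_PATH:
            continue
        status = int(m["status"])
        if m["method"] == "POST" and status == 200:
            note = "successful POST to /getcfg.php: possible credential disclosure (CVE-2021-40655 pattern)"
        else:
            note = "request to /getcfg.php: review"
        findings.append(Finding(m["src"], m["ts"], m["method"], status, note))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.ts} {f.src} {f.method} {f.status} - {f.note}")
```

A single match is not proof of compromise; the finding is a trigger to check whether the device is on the affected model list and whether the device was replaced or mitigated.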

So far there are no details on how these vulnerabilities are being used in real-world attacks, but federal agencies have been instructed to apply the mitigations proposed by D-Link by June 6, 2024.

It is important to note that CVE-2014-100005 concerns legacy D-Link products that have already reached end of life. Organizations that still use these devices are strongly encouraged to replace them with newer models.

The news comes amid reports that SSD Secure Disclosure researchers have discovered vulnerabilities in the D-Link EXO AX4800 router (DIR-X4860) that allow full control of the device to be taken. The SSD analysts published step-by-step instructions for exploiting the discovered vulnerabilities, making a Proof-of-Concept (PoC) publicly available.