The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Thursday added two security flaws impacting D-Hyperlink routers to its Identified Exploited Vulnerabilities (KEV) catalog, based mostly on proof of energetic exploitation.
The record of vulnerabilities is as follows –
- CVE-2014-100005 – A cross-site request forgery (CSRF) vulnerability impacting D-Hyperlink DIR-600 routers that permits an attacker to vary router configurations by hijacking an current administrator session
- CVE-2021-40655 – An info disclosure vulnerability impacting D-Hyperlink DIR-605 routers that permits attackers to acquire a username and password by forging an HTTP POST request to the /getcfg.php web page
There are at present no particulars on how these shortcomings are exploited within the wild, however federal companies have been urged to use vendor-provided mitigations by June 6, 2024.
It is price noting that CVE-2014-100005 impacts legacy D-Hyperlink merchandise which have reached end-of-life (EoL) standing, necessitating that organizations nonetheless utilizing them retire and exchange the units.
The event comes because the SSD Safe Disclosure workforce revealed unpatched security points in DIR-X4860 routers that might allow distant unauthenticated attackers to entry the HNAP port with a view to receive elevated permissions and run instructions as root.
“By combining an authentication bypass with command execution the machine may be fully compromised,” it mentioned, including the problems impression routers operating firmware model DIRX4860A1_FWV1.04B03.
SSD Safe Disclosure has additionally made accessible a proof-of-concept (PoC) exploit, which employs a specifically crafted HNAP login request to the router’s administration interface to get round authentication protections and obtain code execution by making the most of a command injection vulnerability.
D-Hyperlink has since acknowledged the problem in a bulletin of its personal, stating a repair is “Pending Launch / Beneath Improvement.” It described the problem as a case of LAN-side unauthenticated command execution flaw.
Ivanti Patches A number of Flaws in Endpoint Supervisor Cellular (EPMM)
Cybersecurity researchers have additionally launched a PoC exploit for a brand new vulnerability in Ivanti EPMM (CVE-2024-22026, CVSS rating: 6.7) that might allow an authenticated native consumer to bypass shell restriction and execute arbitrary instructions on the equipment.
“This vulnerability permits a neighborhood attacker to achieve root entry to the system by exploiting the software program replace course of with a malicious RPM bundle from a distant URL,” Redline Cyber Safety’s Bryan Smith mentioned.
The issue stems from a case of insufficient validation within the EPMM command-line interface’s set up command, which might fetch an arbitrary RPM bundle from a user-provided URL with out verifying its authenticity.
CVE-2024-22026 impacts all variations of EPMM earlier than 12.1.0.0. Additionally patched by Ivanti are two different SQL injection flaws (CVE-2023-46806 and CVE-2023-46807, CVSS scores: 6.7) that might permit an authenticated consumer with acceptable privilege to entry or modify knowledge within the underlying database.
Whereas there isn’t a proof that these flaws have been exploited, customers are suggested to replace to the most recent model to mitigate potential threats.
