
CISA Warns of Actively Exploited D-Link Router Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The list of vulnerabilities is as follows:

  • CVE-2014-100005 – A cross-site request forgery (CSRF) vulnerability impacting D-Link DIR-600 routers that allows an attacker to change router configurations by hijacking an existing administrator session
  • CVE-2021-40655 – An information disclosure vulnerability impacting D-Link DIR-605 routers that allows attackers to obtain a username and password by forging an HTTP POST request to the /getcfg.php page

There are currently no details on how these shortcomings are exploited in the wild, but federal agencies have been urged to apply vendor-provided mitigations by June 6, 2024.


It's worth noting that CVE-2014-100005 affects legacy D-Link products that have reached end-of-life (EoL) status, necessitating that organizations still using them retire and replace the devices.

The development comes as the SSD Secure Disclosure team revealed unpatched security issues in DIR-X4860 routers that could enable remote unauthenticated attackers to access the HNAP port in order to obtain elevated permissions and run commands as root.


“By combining an authentication bypass with command execution the machine may be fully compromised,” it said, adding the issues impact routers running firmware version DIRX4860A1_FWV1.04B03.

SSD Secure Disclosure has also made available a proof-of-concept (PoC) exploit, which employs a specially crafted HNAP login request to the router’s management interface to get around authentication protections and achieve code execution by taking advantage of a command injection vulnerability.

D-Link has since acknowledged the issue in a bulletin of its own, stating a fix is “Pending Launch / Beneath Improvement.” It described the issue as a LAN-side unauthenticated command execution flaw.

Ivanti Patches Multiple Flaws in Endpoint Manager Mobile (EPMM)

Cybersecurity researchers have also released a PoC exploit for a new vulnerability in Ivanti EPMM (CVE-2024-22026, CVSS score: 6.7) that could enable an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.


“This vulnerability permits a neighborhood attacker to achieve root entry to the system by exploiting the software program replace course of with a malicious RPM bundle from a distant URL,” Redline Cyber Security’s Bryan Smith said.


The issue stems from a case of inadequate validation in the EPMM command-line interface’s install command, which can fetch an arbitrary RPM package from a user-provided URL without verifying its authenticity.
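The missing check can be sketched as a pre-install gate. This is an added example, not Ivanti's code: the host allowlist, package name, sample bytes and pinned SHA-256 digest are constructed assumptions, and the digest pin stands in for a real package signature check.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical policy values (assumptions for this example, not Ivanti's).
TRUSTED_HOSTS = {"updates.vendor.example"}
# Constructed package bytes; the pinned digest stands in for a signed manifest.
SAMPLE_RPM = b"\xed\xab\xee\xdb" + b"constructed-package-body"
PINNED_SHA256 = {"agent-1.0.rpm": hashlib.sha256(SAMPLE_RPM).hexdigest()}


class PackageRejected(Exception):
    """Raised when a package fails a pre-install authenticity check."""


def check_source(url: str) -> str:
    """Validate the user-supplied URL and return the package file name."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise PackageRejected("scheme must be https")
    if parts.username or parts.password:
        # Blocks look-alike URLs such as https://trusted@other-host/...
        raise PackageRejected("credentials in URL not allowed")
    if parts.hostname not in TRUSTED_HOSTS:
        raise PackageRejected(f"untrusted host: {parts.hostname}")
    name = parts.path.rsplit("/", 1)[-1]
    if name not in PINNED_SHA256:
        raise PackageRejected(f"no pinned digest for {name!r}")
    return name


def verify_before_install(url: str, payload: bytes) -> str:
    """Return the package name only if source and content both check out."""
    name = check_source(url)
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, PINNED_SHA256[name]):
        raise PackageRejected(f"digest mismatch for {name}")
    return name


def decision(url: str, payload: bytes) -> str:
    """Map the checks to the action an installer wrapper would take."""
    try:
        return "install " + verify_before_install(url, payload)
    except PackageRejected as exc:
        return "reject: " + str(exc)


if __name__ == "__main__":
    good = "https://updates.vendor.example/rpm/agent-1.0.rpm"
    print(decision(good, SAMPLE_RPM))
    print(decision("http://198.51.100.7/agent-1.0.rpm", SAMPLE_RPM))
    print(decision(good, SAMPLE_RPM + b"tampered"))
```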

CVE-2024-22026 impacts all versions of EPMM before 12.1.0.0. Also patched by Ivanti are two other SQL injection flaws (CVE-2023-46806 and CVE-2023-46807, CVSS scores: 6.7) that could allow an authenticated user with appropriate privilege to access or modify data in the underlying database.

While there is no evidence that these flaws have been exploited, users are advised to update to the latest version to mitigate potential threats.
