2 new D-Link router bugs join CISA’s exploited vulnerabilities list

May 18, 2024

TLDR:

  • CISA added two D-Link router vulnerabilities to its exploited vulnerabilities catalog
  • The bugs allow attackers to change router configurations and obtain usernames and passwords

The Cybersecurity and Infrastructure Security Agency (CISA) recently added two end-of-life D-Link router vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The first bug, CVE-2014-100005, allows attackers to change router configurations by exploiting a cross-site request forgery (CSRF) flaw on D-Link DIR-600 routers. The second vulnerability, CVE-2021-40655, enables attackers to obtain usernames and passwords from D-Link DIR-605 routers through an information disclosure vulnerability.

Sarah Jones, a cyber threat intelligence research analyst at Critical Start, emphasized the urgency of patching these vulnerabilities due to confirmed exploitation and their ease of use. Exploiting CVE-2014-100005 allows attackers to gain unauthorized access to modify network configurations, potentially redirecting traffic or launching attacks on other devices. CVE-2021-40655 enables attackers to steal usernames and passwords in plain text from D-Link DIR-605 routers.

Casey Ellis, founder and chief strategy officer at Bugcrowd, highlighted the importance of securing home network devices, as attackers can establish core persistence and control the entire network behind the router. With the increase in work-from-home practices globally, home networks have become an attractive target for threat actors.
