2 new D-Link router bugs join CISA’s exploited vulnerabilities list

May 18, 2024

TLDR:

  • CISA added two D-Link router vulnerabilities to its exploited vulnerabilities catalog
  • The bugs allow attackers to change router configurations and obtain usernames and passwords

The Cybersecurity and Infrastructure Security Agency (CISA) recently added two end-of-life D-Link router vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The first bug, CVE-2014-100005, allows attackers to change router configurations by exploiting a cross-site request forgery (CSRF) flaw on D-Link DIR-600 routers. The second vulnerability, CVE-2021-40655, enables attackers to obtain usernames and passwords from D-Link DIR-605 routers through an information disclosure vulnerability.

Sarah Jones, a cyber threat intelligence research analyst at Critical Start, emphasized the urgency of patching these vulnerabilities because exploitation is confirmed and the flaws are easy to exploit. Exploiting CVE-2014-100005 gives attackers unauthorized access to modify network configurations, potentially redirecting traffic or launching attacks on other devices. CVE-2021-40655 enables attackers to steal usernames and passwords in plain text from D-Link DIR-605 routers.

Casey Ellis, founder and chief strategy officer at Bugcrowd, highlighted the importance of securing home network devices, as attackers can establish core persistence and control the entire network behind the router. With the increase in work-from-home practices globally, home networks have become an attractive target for threat actors.
