The Cybersecurity & Infrastructure Security Agency (CISA), renowned for issuing preventive measures to organizations based on recent research and threat actor exploits, has added and publicized a list of eight newly identified vulnerabilities being exploited by attackers.
These vulnerabilities are associated with two major entities, Samsung and D-Link.
The eight new vulnerabilities include the following:
- CVE-2019-17621: D-Link DIR-859 Router Command Execution Vulnerability: Found in D-Link’s UPnP endpoint, this vulnerability has a CVSS Score of 9.8, indicating a critical risk.
- CVE-2019-20500: D-Link DWL-2600AP Access Point Command Injection Vulnerability: This vulnerability, located in the configBackup or downloadServerip parameter, has a CVSS Score of 7.8, denoting a high risk.
In March 2023, threat actors exploited these D-Link vulnerabilities (CVE-2019-17621, CVE-2019-20500) to disseminate a variant of the Mirai botnet.
Samsung Mobile Devices Vulnerabilities:
- CVE-2021-25487: Samsung Mobile Devices Out-of-Bounds Read Vulnerability: This flaw, resulting from the absence of boundary checks in a buffer, has a CVSS Score of 7.8, marking a high risk.
- CVE-2021-25489: Samsung Mobile Devices Improper Input Validation Vulnerability: Due to insufficient input validation in the modem interface, this vulnerability exists, earning a CVSS Score of 5.5, indicating a medium risk.
- CVE-2021-25394: Samsung Mobile Devices Race Condition Vulnerability: This vulnerability occurs as a race condition in the charger drivers and has a CVSS Score of 6.4, signifying a medium risk.
- CVE-2021-25395: Samsung Mobile Devices Race Condition Vulnerability: A race condition in the charger driver enables local attackers to bypass signature checks, resulting in a CVSS Score of 6.4, reflecting a medium risk.
- CVE-2021-25371: Samsung Mobile Devices Unspecified Vulnerability: Attackers can load arbitrary ELF libraries due to this vulnerability in the DSP driver, which has a CVSS Score 6.7, indicating a medium risk.
- CVE-2021-25372: Samsung Mobile Devices Improper Boundary Check Vulnerability: This vulnerability arises from inadequate boundary checks in the DSP driver, allowing out-of-bounds memory access, earning it a CVSS Score of 6.7, signifying a medium risk.
There haven’t been publicly reported cases of these Samsung mobile device vulnerabilities being exploited. However, a commercial spyware vendor probably has already taken advantage of these vulnerabilities.
CISA released this list under the Binding Operational Directive to mitigate the potential risks these known exploits could pose to the federal enterprise.
Product users are encouraged to install the most recent vendor patches to reduce the risk of potential cyber-attacks.