Samsung and D-Link Under Cyber Threat: Eight New Vulnerabilities Detected by CISA

Reading Time: ( Word Count: )

July 4, 2023
Nextdoorsec-course

The Cybersecurity & Infrastructure Security Agency (CISA), renowned for issuing preventive measures to organizations based on recent research and threat actor exploits, has added and publicized a list of eight newly identified vulnerabilities being exploited by attackers.

These vulnerabilities are associated with two major entities, Samsung and D-Link.

Vulnerabilities (CVEs):

The eight new vulnerabilities include the following:

Samsung and D-Link Under Cyber Threat
  • CVE-2019-17621: D-Link DIR-859 Router Command Execution Vulnerability: Found in D-Link’s UPnP endpoint, this vulnerability has a CVSS Score of 9.8, indicating a critical risk.
  • CVE-2019-20500: D-Link DWL-2600AP Access Point Command Injection Vulnerability: This vulnerability, located in the configBackup or downloadServerip parameter, has a CVSS Score of 7.8, denoting a high risk.

In March 2023, threat actors exploited these D-Link vulnerabilities (CVE-2019-17621, CVE-2019-20500) to disseminate a variant of the Mirai botnet.

Also Read: “Inside Meduza Stealer’s Web: 19 Password Managers and 76 Crypto Wallets at Risk”

Samsung Mobile Devices Vulnerabilities:

  • CVE-2021-25487: Samsung Mobile Devices Out-of-Bounds Read Vulnerability: This flaw, resulting from the absence of boundary checks in a buffer, has a CVSS Score of 7.8, marking a high risk.
  • CVE-2021-25489: Samsung Mobile Devices Improper Input Validation Vulnerability: Due to insufficient input validation in the modem interface, this vulnerability exists, earning a CVSS Score of 5.5, indicating a medium risk.
  • CVE-2021-25394: Samsung Mobile Devices Race Condition Vulnerability: This vulnerability occurs as a race condition in the charger drivers and has a CVSS Score of 6.4, signifying a medium risk.
  • CVE-2021-25395: Samsung Mobile Devices Race Condition Vulnerability: A race condition in the charger driver enables local attackers to bypass signature checks, resulting in a CVSS Score of 6.4, reflecting a medium risk.
  • CVE-2021-25371: Samsung Mobile Devices Unspecified Vulnerability: Attackers can load arbitrary ELF libraries due to this vulnerability in the DSP driver, which has a CVSS Score 6.7, indicating a medium risk.
  • CVE-2021-25372: Samsung Mobile Devices Improper Boundary Check Vulnerability: This vulnerability arises from inadequate boundary checks in the DSP driver, allowing out-of-bounds memory access, earning it a CVSS Score of 6.7, signifying a medium risk.

There haven’t been publicly reported cases of these Samsung mobile device vulnerabilities being exploited. However, a commercial spyware vendor probably has already taken advantage of these vulnerabilities.

CISA released this list under the Binding Operational Directive to mitigate the potential risks these known exploits could pose to the federal enterprise.

Product users are encouraged to install the most recent vendor patches to reduce the risk of potential cyber-attacks.

Saher Mahmood

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
How Often Should Penetration Testing Be Done

How Often Should Penetration Testing Be Done

Penetration testing is a crucial technique that involves simulating a cyberattack on networks, computer systems, ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *