US government warns of D-Link router security flaws — patch now or potentially pay the price


The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities, found in some D-Link routers, to its database of Known Exploited Vulnerabilities (KEV), meaning it has evidence of in-the-wild abuse.

The two vulnerabilities are tracked as CVE-2014-100005 and CVE-2021-40655. The former is a cross-site request forgery (CSRF) flaw in D-Link DIR-600 routers, while the latter is an information disclosure flaw in D-Link DIR-605 routers. The CSRF flaw allows threat actors to change router configurations, while the information disclosure flaw enables login credential theft.

CISA did not detail who is exploiting these vulnerabilities in the wild, or how, but it did give federal agencies a deadline of June 6, 2024, to address the issue.

Patches available

The best way to fix the flaws is to patch the affected devices. The cross-site request forgery vulnerability has been around for almost a decade, as it was first reported back in 2015. It is also worth mentioning that the D-Link DIR-600 devices vulnerable to this flaw have reached end-of-life status, and as such no longer receive updates or security patches.

Any new vulnerabilities found in these devices will remain unaddressed, so the safest thing to do at this point is to replace them with newer models that still receive vendor updates and security patches.

The CSRF flaw is no game, either. It is labeled “critical”, and essentially allows threat actors to remotely hijack an administrator's authenticated session for requests that either create an administrator account or enable remote management via a crafted configuration module. Furthermore, attackers can use the flaw to activate new configuration settings, or send a ping via a ping action to diagnostic.php.
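The weakness behind a CSRF flaw of this kind is that a router's admin interface accepts a state-changing request as long as the browser attaches the session cookie, which the browser does even when the request was triggered by an unrelated web page. The following is an added example, not code from the article or from D-Link firmware, that models a configuration-change endpoint in its cookie-only form and beside it the hardened form a vendor would ship: an origin check plus a per-session token that a third-party page cannot read. The header names, the `TRUSTED_ORIGIN` address, the `handle_config_change_*` functions and the sample requests are all assumptions constructed for the illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed origin of the router's admin UI (constructed for this example).
TRUSTED_ORIGIN = "http://192.168.0.1"


def new_session():
    """Create a logged-in admin session with its own CSRF token."""
    return {"sid": secrets.token_hex(16), "csrf": secrets.token_urlsafe(32)}


def _logged_in(session, headers):
    """The browser attaches the session cookie automatically, even to requests
    another site caused it to send; that is the property CSRF abuses."""
    return headers.get("Cookie") == f"sid={session['sid']}"


def handle_config_change_vulnerable(session, headers, form):
    """Weak pattern: any request with a valid session cookie is applied."""
    if not _logged_in(session, headers):
        return 401, "not logged in"
    return 200, f"applied {form}"


def _request_origin(headers):
    """Derive the requesting origin from Origin, falling back to Referer."""
    origin = headers.get("Origin")
    if origin:
        return origin
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}"
    return None  # neither header present: treat as untrusted


def handle_config_change_hardened(session, headers, form):
    """Same endpoint with two independent CSRF defenses:
    1. the request must originate from the admin UI's own origin;
    2. the form must carry the session's CSRF token (compared in constant time)."""
    if not _logged_in(session, headers):
        return 401, "not logged in"
    if _request_origin(headers) != TRUSTED_ORIGIN:
        return 403, "cross-site request rejected"
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf"]):
        return 403, "missing or invalid CSRF token"
    return 200, f"applied {form}"


def demo():
    """Constructed requests: one from the admin UI, one from a third-party page."""
    session = new_session()
    cookie = f"sid={session['sid']}"
    legit_headers = {"Cookie": cookie, "Origin": TRUSTED_ORIGIN}
    legit_form = {"remote_mgmt": "1", "csrf_token": session["csrf"]}
    # A form submitted from another site: the browser still sends the cookie,
    # but Origin names that site and the session token is unknown to it.
    cross_site_headers = {"Cookie": cookie, "Origin": "http://example.invalid"}
    cross_site_form = {"remote_mgmt": "1"}
    return {
        "vulnerable_legit": handle_config_change_vulnerable(session, legit_headers, legit_form)[0],
        "vulnerable_cross_site": handle_config_change_vulnerable(session, cross_site_headers, cross_site_form)[0],
        "hardened_legit": handle_config_change_hardened(session, legit_headers, legit_form)[0],
        "hardened_cross_site": handle_config_change_hardened(session, cross_site_headers, cross_site_form)[0],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Running the block prints a 200 for both requests against the vulnerable handler and a 403 for the cross-site request against the hardened one. The two checks are deliberately independent: the origin check catches requests from a page served elsewhere, and the token catches a request that arrives with no usable Origin or Referer at all, which is why a missing header is treated as untrusted rather than ignored.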

CVE-2021-40655, on the other hand, which allows attackers to obtain some login credentials, has been labeled “problematic”.

Via The Hacker News


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.