D-Link Routers Under Attack: CISA Issues Urgent Warning

The Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities in D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of their active exploitation.

The CSRF vulnerability CVE-2014-100005 affects D-Link DIR-600 routers, allowing an attacker to modify the router’s configurations by hijacking an existing administrator session. The information disclosure vulnerability CVE-2021-40655 impacts D-Link DIR-605 routers, enabling attackers to obtain the username and password by forging an HTTP POST request to the /getcfg.php page.

Currently, there are no detailed accounts of how these vulnerabilities are being exploited in real-world scenarios, but federal agencies have been instructed to implement D-Link’s recommended mitigation measures by June 6, 2024.

It is important to note that the CVE-2014-100005 vulnerability pertains to obsolete D-Link products that have reached the end of their life cycle. Organizations still using such devices are strongly advised to replace them with newer models.

This development coincides with the news that experts from SSD Secure Disclosure have discovered vulnerabilities in the D-Link EXO AX4800 (DIR-X4860) router, which allow for complete control over the device. SSD analysts have provided step-by-step instructions for exploiting the identified vulnerabilities and have made the proof-of-concept (PoC) publicly available.