Vulnerabilities | By CyberSpecta

Actively Exploited Vulnerabilities in Samsung and D-Link Devices Identified by CISA


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently identified eight vulnerabilities that are actively being exploited in Samsung and D-Link devices. These vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) catalog. Despite patches being available for all these flaws for several years, threat actors continue to exploit them. In this article, we will provide an overview of the specific vulnerabilities found in these devices and the potential risks they pose.

Samsung Device Vulnerabilities

  1. CVE-2021-25487: Out-of-bounds read vulnerability in Samsung mobile devices, allowing arbitrary code execution.

  2. CVE-2021-25489: Improper input validation vulnerability in Samsung mobile devices, leading to kernel panic.

  3. CVE-2021-25394: Race condition vulnerability in Samsung mobile devices.

  4. CVE-2021-25395: Race condition vulnerability in Samsung mobile devices.

  5. CVE-2021-25371: Unspecified vulnerability in the DSP driver used in Samsung mobile devices, enabling loading of arbitrary ELF libraries.

  6. CVE-2021-25372: Improper boundary check within the DSP driver in Samsung mobile devices.

D-Link Device Vulnerabilities

  1. CVE-2019-17621: Unauthenticated, remote code execution vulnerability in D-Link DIR-859 Router.

  2. CVE-2019-20500: Authenticated OS command injection vulnerability in D-Link DWL-2600AP access point.

Exploitation and Potential Impacts

While it is clear that a variant of the Mirai botnet is exploiting the D-Link vulnerabilities, the specific exploitation methods for Samsung devices remain unclear. However, given the targeted nature of these exploits, it is likely that they are being used in highly focused attacks by commercial spyware vendors.

The consequences of these vulnerabilities being actively exploited can be severe. Attackers can execute arbitrary code, cause denial-of-service conditions, bypass signature checks, or gain unauthorized access to devices, compromising data and network security.

Response and Recommendations

To mitigate the risks associated with these actively exploited vulnerabilities, it is crucial for Samsung and D-Link device users to apply the latest firmware updates and security patches promptly. These updates address known vulnerabilities and help protect against potential attacks.

Conclusion

Identifying actively exploited vulnerabilities in Samsung and D-Link devices highlights the ongoing need for robust cybersecurity practices. By promptly applying firmware updates and security patches, users can mitigate the risks posed by these known vulnerabilities. Stay vigilant, regularly update your devices, and prioritize cybersecurity to protect against potential threats and ensure the safety of your data and network.
