The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently identified eight vulnerabilities that are actively being exploited in Samsung and D-Link devices. These vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) catalog. Despite patches being available for all these flaws for several years, threat actors continue to exploit them. In this article, we will provide an overview of the specific vulnerabilities found in these devices and the potential risks they pose.
Samsung Device Vulnerabilities
- CVE-2021-25487: Out-of-bounds read vulnerability in Samsung mobile devices, allowing arbitrary code execution.
- CVE-2021-25489: Improper input validation vulnerability in Samsung mobile devices, leading to kernel panic.
- CVE-2021-25394: Race condition vulnerability in Samsung mobile devices.
- CVE-2021-25395: Race condition vulnerability in Samsung mobile devices.
- CVE-2021-25371: Unspecified vulnerability in the DSP driver used in Samsung mobile devices, enabling loading of arbitrary ELF libraries.
- CVE-2021-25372: Improper boundary check within the DSP driver in Samsung mobile devices.
D-Link Device Vulnerabilities
- CVE-2019-17621: Unauthenticated, remote code execution vulnerability in D-Link DIR-859 Router.
- CVE-2019-20500: Authenticated OS command injection vulnerability in D-Link DWL-2600AP access point.
Exploitation and Potential Impacts
While it is clear that a variant of the Mirai botnet is exploiting the D-Link vulnerabilities, the specific exploitation methods for Samsung devices remain unclear. However, given the targeted nature of these exploits, it is likely that they are being used in highly focused attacks by commercial spyware vendors.
The consequences of these vulnerabilities being actively exploited can be severe. Attackers can execute arbitrary code, cause denial-of-service conditions, bypass signature checks, or gain unauthorized access to devices, compromising data and network security.
Response and Recommendations
To mitigate the risks associated with these actively exploited vulnerabilities, it is crucial for Samsung and D-Link device users to apply the latest firmware updates and security patches promptly. These updates address known vulnerabilities and help protect against potential attacks.
Conclusion
Identifying actively exploited vulnerabilities in Samsung and D-Link devices highlights the ongoing need for robust cybersecurity practices. By promptly applying firmware updates and security patches, users can mitigate the risks posed by these known vulnerabilities. Stay vigilant, regularly update your devices, and prioritize cybersecurity to protect against potential threats and ensure the safety of your data and network.
