Beware of Hackers: CISA Flags D-Link Router Vulnerabilities as Actively Exploited Threats

D-Link’s routers are under cyber siege! CISA’s KEV list now includes two gnarly bugs, CVE-20214-100005 and CVE-2021-40655, making routers as secure as cheese to hackers’ mice. Tick-tock, agencies, patch by 2024!

Hot Take:

It’s like a horror movie for routers: “Night of the Living Vulnerabilities!” Just when you think your trusty old D-Link has dodged every digital bullet, CISA drops a bombshell that it’s basically a zombie router with exploitable flaws. And if you’re still using a DIR-600, you might as well hang a “Hack Me” sign on your network. RIP, outdated tech.

Key Points:

  • CISA has identified two D-Link router vulnerabilities that are actively being exploited in the wild.
  • The vulnerabilities, CVE-20214-100005 and CVE-2021-40655, affect DIR-600 and DIR-605 routers respectively.
  • DIR-600 routers suffer from a CSRF flaw that enables unauthorized configuration changes while DIR-605 routers have an information disclosure flaw.
  • The DIR-600 routers are end-of-life, meaning no more updates or patches, leaving them open to eternal damnation by hackers.
  • Agencies have until June 6, 2024, to exorcise these vulnerabilities from their networks.
Cve id: CVE-2021-40655
Cve state: PUBLISHED
Cve assigner short name: mitre
Cve date updated: 09/24/2021
Cve description: An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page

Need to know more?

Router Exorcism Required

Imagine your router being possessed by a digital demon that's over a decade old, and you've got the CSRF vulnerability in the DIR-600. It's like finding out your house was built on an ancient cyber burial ground. This flaw is no Casper the Friendly Ghost; it's rated "critical" for a reason. It lets cyber ghouls hijack your router's admin rights and throw a party in your network settings. Just remember, there's no Ghostbusters for routers, so it's time to upgrade to a less haunted model.

The Less-Scary Cousin

Meanwhile, CVE-2021-40655 is the less terrifying cousin that just lets attackers peak at your login credentials. Still creepy, but it won't rearrange your network's furniture in the middle of the night. It's labeled "problematic," which in cybersecurity terms is like saying, "It's just a flesh wound." But let's be real, in the digital world, even a flesh wound can leave you limping on the information superhighway.

The Doomsday Clock is Ticking

Tick-tock, the countdown is on. Federal agencies have a deadline: June 6, 2024. It's like a reverse New Year’s Eve where the ball dropping means your network's defenses are up for a year-long hacker rave. So, if you're part of an agency, mark your calendars, set a reminder, tattoo the date on your arm—whatever it takes to remember to kick these vulnerabilities to the curb.

The Zombie Apocalypse of Devices

And let's pour one out for the DIR-600 devices, the routers that have shuffled off to the great recycling bin in the sky. These end-of-life gadgets are now the walking dead of tech, no longer receiving life-saving patches or updates. It's a stark reminder that clinging to outdated tech is like refusing to leave the house during a zombie outbreak because you're halfway through binge-watching your favorite show.

Sign up for More Terrifying Tales

If you're the type who loves a good cyber scare story, TechRadar Pro has a newsletter for you. It's like getting a regular dose of digital ghost stories, except these ghosts can actually mess with your livelihood. And if you're in the mood for some shopping, they've got recommendations for firewalls and endpoint protection tools to help fortify your digital homestead against the next router poltergeist.

From the Cybersecurity Crypt Keeper

Lastly, a nod to the author of our alarming news, Sead, who's like the Crypt Keeper of cybersecurity journalism. He's been narrating these digital horror stories for over a decade and even teaches others how to write them. So, when it comes to spooky router vulnerabilities, you're reading the words of a seasoned scaremonger.

Tags: Critical Flaws, CVE-2021-40005, CVE-2021-40655, D-Link Vulnerabilities, End-of-Life Devices, Federal Agency Compliance, information disclosure, Router Security