D-Link Disaster: Unpatched Routers Exposed to Wild Cyber Threats! Act Now to Secure Your Network

Feeling insecure? You’re not alone. D-Link routers are facing the music with CISA spotlighting their vulnerabilities. Time to patch up or say bye to your cybersecurity! #RouterRuckus 🛡️😱

Hot Take:

Oh, look, it’s another day and another router vulnerability! This time, our digital guardians at CISA are playing cybersecurity whack-a-mole with D-Link router flaws that someone’s actually having a field day with. Meanwhile, over at Ivanti, it’s like they threw a cybersecurity party and a local attacker found a VIP backdoor pass with their EPMM software. If your router was a milk carton, it’d be past its expiration date and curdling in the corner of the internet fridge.

Key Points:

  • CISA adds D-Link router flaws to its “Most Wanted” list of vulnerabilities due to active exploitation.
  • A blast from the past, CVE-2014-100005, and a fresher CVE-2021-40655 mean it’s time to retire those old DIR-600 and DIR-605 routers.
  • SSD Secure Disclosure drops a PoC exploit for DIR-X4860 routers, because who doesn’t love a good router hijacking?
  • Ivanti’s EPMM software gets caught with its cyber-pants down thanks to a new vulnerability that lets local users play dress-up with root access.
  • Federal agencies have until June 2024 to fix their digital plumbing, or else they might face a flood of cyber-nasties.

Cve id: CVE-2023-46807
Cve state: PUBLISHED
Cve assigner short name: hackerone
Cve date updated: 05/22/2024
Cve description: An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

Cve id: CVE-2023-46806
Cve state: PUBLISHED
Cve assigner short name: hackerone
Cve date updated: 05/22/2024
Cve description: An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

Cve id: CVE-2014-100005
Cve state: PUBLISHED
Cve assigner short name: mitre
Cve date updated: 09/07/2017
Cve description: Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.

Cve id: CVE-2024-22026
Cve state: PUBLISHED
Cve assigner short name: hackerone
Cve date updated: 05/22/2024
Cve description: A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.

Cve id: CVE-2021-40655
Cve state: PUBLISHED
Cve assigner short name: mitre
Cve date updated: 09/24/2021
Cve description: An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version: 2.01MT. An attacker can obtain a user name and password by forging a post request to the /getcfg.php page.

Need to know more?

Routers Gone Wild

You'd think routers would have learned to behave by now, but nope! The CVEs-du-jour, 2014-100005 and 2021-40655, are having a router rave without invites. The former lets attackers play puppeteer with your router settings, while the latter is like an overly chatty router spilling all your secrets. If you're rocking gear from the technological stone age, it's time for an upgrade, lest you want your router to join the cybersecurity hall of shame.

Firmware Fiesta Fiasco

Just when you thought it was safe to go back into the network, SSD Secure Disclosure has whipped up a PoC exploit that could make your DIR-X4860 router spill its digital guts. It's like giving a burglar the keys to your house, plus a map of where you hide the fine china. D-Link's bulletin is the equivalent of an "I'm sorry" card that says they're working on it, so that's comforting, right?

Ivanti's Oopsie-Daisy

Meanwhile, Ivanti decided to join the vulnerability conga line with a local user having a bit too much fun with their EPMM. If "root access" and "software update process" in the same sentence don't make you nervous, you're probably living in a cybersecurity utopia (or denial). The silver lining? Ivanti patched the party fouls, so update like your digital life depends on it, because it just might.

The Patchwork Quilt of Cybersecurity

So, kids, what have we learned today? If your router's firmware is old enough to attend kindergarten, it's time for a change. If you're using Ivanti EPMM, don't wait for an RSVP to this patch party—just go. With active exploitation more popular than the latest TikTok dance, keeping your network safe is like playing a never-ending game of cyber cat-and-mouse. Now go update before you become the cheese.
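
To turn the CVE records above into a patch list, the following added example (not code from CISA, D-Link or Ivanti) checks inventory rows against the version boundaries those records state. The inventory fields (`host`, `product`, `hw_rev`, `version`) and the sample rows are assumptions made for illustration.

```python
import re

# Thresholds copied from the CVE records quoted on this page.
EPMM_FIXED = (12, 1, 0, 0)       # "EPMM before 12.1.0.0"
EPMM_CVES = ["CVE-2023-46806", "CVE-2023-46807", "CVE-2024-22026"]
DIR600_FIXED = (2, 17, 2)        # "firmware before 2.17b02"

def dotted(version):
    """'12.0.0.1' -> (12, 0, 0, 1), padded to four fields; None if malformed."""
    if not re.fullmatch(r"\d+(\.\d+)*", version.strip()):
        return None
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (4 - len(parts))

def dlink(version):
    """'2.17b02' -> (2, 17, 2); a missing build suffix is treated as build 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:b(\d+))?", version.strip().lower())
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def triage(asset):
    """Return (status, cves). 'not-listed' only means no record here matches."""
    product, fw = asset["product"].upper(), asset["version"].strip()
    rev = asset.get("hw_rev", "").upper()
    if product == "EPMM":
        v = dotted(fw)
        if v is None:
            return ("unknown", EPMM_CVES)
        return ("affected", EPMM_CVES) if v < EPMM_FIXED else ("not-listed", [])
    if product == "DIR-600":
        v = dlink(fw)
        if not rev or v is None:
            return ("unknown", ["CVE-2014-100005"])
        hit = rev.startswith("B") and v < DIR600_FIXED  # record covers rev. Bx
        return ("affected", ["CVE-2014-100005"]) if hit else ("not-listed", [])
    if product == "DIR-605":
        # The record names one build (B2, 2.01MT) and gives no fixed version.
        hit = rev == "B2" and fw.upper() == "2.01MT"
        return ("affected" if hit else "unknown", ["CVE-2021-40655"])
    return ("not-listed", [])

# Constructed inventory rows, not real devices.
INVENTORY = [
    {"host": "mdm-01", "product": "EPMM", "version": "12.0.0.1"},
    {"host": "mdm-02", "product": "EPMM", "version": "12.1.0.0"},
    {"host": "branch-gw", "product": "DIR-600", "hw_rev": "B2", "version": "2.16b01"},
    {"host": "lab-gw", "product": "DIR-605", "hw_rev": "B2", "version": "2.01MT"},
]

def report(inventory=INVENTORY):
    return {a["host"]: triage(a)[0] for a in inventory}
```

Rows that come back `unknown` need a manual look: the DIR-605 record names a single firmware build and no fixed version, so other builds cannot be cleared from the text alone.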

Tags: CVE-2014-100005, CVE-2021-40655, CVE-2024-22026, D-Link Vulnerabilities, Ivanti EPMM flaw, Network Security, patch management, Proof-of-Concept Exploit