The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a set of eight flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
This includes six shortcomings affecting Samsung smartphones and two vulnerabilities impacting D-Link devices. All the flaws have been patched as of 2021.
- CVE-2021-25394 (CVSS score: 6.4) – Samsung mobile devices race condition vulnerability
- CVE-2021-25395 (CVSS score: 6.4) – Samsung mobile devices race condition vulnerability
- CVE-2021-25371 (CVSS score: 6.7) – An unspecified vulnerability in the DSP driver used in Samsung mobile devices that allows loading of arbitrary ELF libraries
- CVE-2021-25372 (CVSS score: 6.7) – Improper boundary check within the DSP driver in Samsung mobile devices
- CVE-2021-25487 (CVSS score: 7.8) – Samsung mobile devices out-of-bounds read vulnerability leading to arbitrary code execution
- CVE-2021-25489 (CVSS score: 5.5) – Samsung mobile devices improper input validation vulnerability resulting in kernel panic
- CVE-2019-17621 (CVSS score: 9.8) – An unauthenticated remote code execution vulnerability in D-Link DIR-859 Router
- CVE-2019-20500 (CVSS score: 7.8) – An authenticated OS command injection vulnerability in D-Link DWL-2600AP
The addition of the two D-Link vulnerabilities follows a report from Palo Alto Networks Unit 42 last month about threat actors associated with a Mirai botnet variant leveraging flaws in several IoT devices to propagate the malware in a series of attacks beginning in March 2023.