This includes six vulnerabilities affecting Samsung smartphones and two affecting D-Link devices. All of the flaws had been patched by 2021.
- CVE-2021-25394 (CVSS Score: 6.4) – Samsung Mobile Device Race Condition Vulnerability
- CVE-2021-25395 (CVSS Score: 6.4) – Samsung Mobile Device Race Condition Vulnerability
- CVE-2021-25371 (CVSS Score: 6.7) – An unspecified vulnerability in the DSP driver used in Samsung mobile devices that allows arbitrary ELF libraries to be loaded
- CVE-2021-25372 (CVSS Score: 6.7) – Improper boundary check within the DSP driver in Samsung mobile devices
- CVE-2021-25487 (CVSS Score: 7.8) – Samsung mobile device out-of-bounds read vulnerability allowing arbitrary code execution
- CVE-2021-25489 (CVSS Score: 5.5) – Improper input validation vulnerability in Samsung mobile devices resulting in a kernel panic
- CVE-2019-17621 (CVSS Score: 9.8) – An unpatched remote code execution vulnerability in the D-Link DIR-859 router
- CVE-2019-20500 (CVSS Score: 7.8) – A verified OS command injection vulnerability in D-Link DWL-2600AP
The addition of the two D-Link vulnerabilities follows a report from Palo Alto Networks Unit 42 last month about threat actors linked to a Mirai botnet variant that spreads its malware by exploiting flaws in IoT devices, in a series of attacks starting in March 2023.
However, it is not immediately clear how the flaws in Samsung devices are being exploited in the wild. Given the nature of the targeting, it is likely that they were used by a commercial spyware vendor in highly targeted attacks.
It is worth noting that Google Project Zero disclosed a set of flaws in November 2022 that it said were weaponized as part of an exploit chain aimed at Samsung handsets.
In light of the active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by July 20, 2023, to secure their networks against potential threats.