CISA identifies 8 vulnerabilities actively exploited in Samsung and D-Link equipment

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a set of eight flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

by Vikash Kumawat

The set includes six vulnerabilities affecting Samsung smartphones and two affecting D-Link devices. All of the flaws had been patched by 2021.

  • CVE-2021-25394 (CVSS score: 6.4) – Race condition vulnerability in Samsung mobile devices
  • CVE-2021-25395 (CVSS score: 6.4) – Race condition vulnerability in Samsung mobile devices
  • CVE-2021-25371 (CVSS score: 6.7) – An unspecified vulnerability in the DSP driver used in Samsung mobile devices that allows arbitrary ELF libraries to be loaded
  • CVE-2021-25372 (CVSS score: 6.7) – Improper range check within the DSP driver in Samsung mobile devices
  • CVE-2021-25487 (CVSS score: 7.8) – Out-of-bounds read vulnerability in Samsung mobile devices allowing arbitrary code execution
  • CVE-2021-25489 (CVSS score: 5.5) – Improper input validation vulnerability in Samsung mobile devices resulting in a kernel panic
  • CVE-2019-17621 (CVSS score: 9.8) – An unpatched remote code execution vulnerability in the D-Link DIR-859 router
  • CVE-2019-20500 (CVSS score: 7.8) – A verified OS command injection vulnerability in the D-Link DWL-2600AP

The addition of the two D-Link vulnerabilities follows a report from Palo Alto Networks Unit 42 last month about threat actors linked to a Mirai botnet variant that spreads its malware in a series of attacks starting in March 2023, many of which exploit flaws in IoT devices to propagate.

However, it is not immediately clear how the flaws in Samsung devices are being exploited in the wild. Given the nature of the targeting, it is likely that they were used by a commercial spyware vendor in highly targeted attacks.

It is worth noting that in November 2022 Google Project Zero disclosed a set of flaws that it said were weaponized as part of an exploit chain aimed at Samsung handsets.

In light of the active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by July 20, 2023, to secure their networks against potential threats.
