The Cybersecurity and Infrastructure Security Agency (CISA) added two end-of-life D-Link router bugs, CVE-2014-100005 on DIR-600 and CVE-2021-40655 on DIR-605, to its KEV catalog as they were being exploited in the wild. The first bug allowed attackers to change configurations through CSRF on DIR-600 routers, while the second let them obtain usernames and passwords on DIR-605 routers. Exploiting these vulnerabilities could lead to unauthorized access, redirecting traffic, blocking legitimate access, or stealing credentials.

2 D-Link router bugs were added to CISA's exploited vulnerabilities catalog

Security experts urge immediate patching and device replacement, warning that attackers could control entire networks if they compromise router configurations. With work-from-home setups so prevalent, these vulnerabilities pose significant risks and need prompt mitigation.
https://www.scmagazine.com/news/2-d-link-router-bugs-added-to-cisas-exploited-vulnerabilities-catalog