The U.S. Cybersecurity and Infrastructure Security Agency (CISA) identified two security vulnerabilities affecting D-Link routers as actively exploited. CVE-2014-100005 allows attackers to change router configurations through CSRF on DIR-600 routers, and CVE-2021-40655 enables unauthorized access to credentials on DIR-605 models.

CISA added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities catalog.

While specifics of the exploitation remain unclear, federal agencies are advised to implement vendor-provided mitigations by June 6, 2024, with an emphasis on retiring legacy products that have reached end-of-life (EoL) status. Additionally, the SSD Secure Disclosure team disclosed a new set of unpatched security issues in DIR-X4860 routers, where remote attackers could gain elevated privileges by exploiting an authentication bypass and command execution vulnerability. D-Link has acknowledged the problem, stating a fix is in progress, while a PoC exploit has been made available. Organizations are urged to stay vigilant and apply necessary patches to safeguard their network infrastructure.
https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-d-link.html