Vulnerabilities in Juniper Network Devices and D-Link IP Cameras

A recent security alert reports a remote code execution vulnerability in Juniper EX series switches and SRX series firewalls running the Junos operating system. The vulnerability, identified as CVE-2024-21591, allows an unauthenticated attacker to trigger a buffer overflow through the J-Web web interface, potentially gaining root access to the device. Details of how the vulnerability can be exploited have not yet been disclosed. Juniper has released updates to address the issue and recommends installing Junos OS 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, or 23.4R1 to eliminate the vulnerability. As a temporary measure, users can disable the web interface by removing the “system services web-management http” and “system services web-management https” settings from the configuration.
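The following audit helper is an added example, not code from Juniper or from the original article. It compares a device's Junos version against the fixed releases listed above and checks whether J-Web is still enabled in `show configuration | display set` output. The rule that a higher R number within a listed train counts as fixed, the "unknown" result for trains the article does not list, and the sample device data are assumptions of this example.

```python
import re

# Fixed releases exactly as listed in the article for CVE-2024-21591.
FIXED = ("20.4R3-S9 21.2R3-S7 21.3R3-S5 21.4R3-S5 22.1R3-S4 22.2R3-S3 "
         "22.3R3-S2 22.4R2-S2 22.4R3 23.2R1-S1 23.2R2 23.4R1").split()

_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")

def parse(version):
    """Split '22.4R2-S2' into ((22, 4), 2, 2); a missing -S part counts as 0."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel, svc = (int(g or 0) for g in m.groups())
    return (major, minor), rel, svc

def patch_status(version):
    """Return 'fixed', 'needs-update', or 'unknown' (train not in the list)."""
    train, rel, svc = parse(version)
    fixes = [(r, s) for t, r, s in map(parse, FIXED) if t == train]
    if not fixes:
        return "unknown"
    # Same R number: the device needs at least the listed service release.
    if any(rel == r and svc >= s for r, s in fixes):
        return "fixed"
    # Assumption: an R number above every listed fix is a later release.
    return "fixed" if rel > max(r for r, _ in fixes) else "needs-update"

def jweb_enabled(set_config):
    """True if 'display set' output still enables J-Web over HTTP or HTTPS."""
    pat = re.compile(r"^set system services web-management https?\b")
    return any(pat.match(line.strip()) for line in set_config.splitlines())

def audit(version, set_config):
    """Combine both checks; action is needed when unpatched and J-Web is on."""
    status = patch_status(version)
    exposed = jweb_enabled(set_config)
    return {"version": version, "status": status, "jweb_enabled": exposed,
            "action_needed": status != "fixed" and exposed}

# Constructed sample data, not taken from a real device.
SAMPLE_CONFIG = """set system services ssh
set system services web-management https system-generated-certificate"""

if __name__ == "__main__":
    for v in ("22.4R2-S1", "22.4R3.25", "23.2R1", "19.4R3-S2"):
        print(audit(v, SAMPLE_CONFIG))
```

A device reported as "unknown" runs a release train the article does not mention and should be checked against the vendor advisory directly.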

Further vulnerabilities have been identified in D-Link IP cameras. The vulnerabilities, tracked as CVE-2023-51624 and CVE-2023-51626, allow attackers to execute arbitrary code with root rights without authentication. Specifically, the D-Link DCS-8300LHV2 devices are affected. The vulnerabilities result from missing size checks on the Username and Nonce parameters in the RTSP server code, which leads to an overflow of a fixed-size buffer when data from the Authorization header is copied. D-Link has addressed this problem with a firmware update to version 1.07.02.

In addition, a less dangerous vulnerability, tracked as CVE-2023-51631, has been found in D-Link DIR-X3260 routers. To exploit it, an attacker needs authenticated access to the web interface. Once authenticated, they can execute arbitrary code with root rights on the device. The vulnerability stems from a lack of size checking in the prog.cgi script, resulting in an overflow when external data is copied into a fixed-size buffer. D-Link has resolved this issue by releasing firmware update 1.04b01hotfix beta.

Affected users should promptly apply the updates or temporary workarounds provided by the respective manufacturers to protect their devices from exploitation.
