CISA has added two new vulnerabilities in D-Link routers to its KEV catalog, based on evidence of their active exploitation.
- The CSRF vulnerability CVE-2014-100005 affects D-Link DIR-600 routers and allows an attacker to change the router's configuration by hijacking an existing administrator session.
- The information disclosure vulnerability CVE-2021-40655 affects D-Link DIR-605 routers. It allows an attacker to obtain the user name and password by forging an HTTP request to the /getcfg.php page.
At the moment, there are no details about how these vulnerabilities are being exploited in the wild, but federal agencies have been instructed to apply the measures proposed by D-Link.