The US Cybersecurity and Infrastructure Security Agency (CISA) has released a warning about four critical vulnerabilities that are being actively exploited.
The vulnerabilities were found in products from D-Link, DrayTek, Motion Spell, and SAP, and potentially pose a threat to users worldwide.
CVE-2023-25280: Vulnerability in D-Link DIR-820 Router
The first vulnerability, CVE-2023-25280 (CVSS score: 9.8), affects the D-Link DIR-820 router. It allows remote unauthorized attackers to obtain root privileges through the ping_addr parameter in the ping.ccp component. While it is not confirmed to be used in cyber campaigns, the potential risk is significant. CISA recommends that users stop using this router immediately, since support for it has ended.
CVE-2020-15415: Vulnerability in DrayTek Routers
The next vulnerability, CVE-2020-15415 (CVSS score: 9.8), was found in the DrayTek Vigor3900, Vigor2960, and Vigor300B routers. It allows the execution of arbitrary code through the cgi-bin/mainfunction.cgi/cvmcfgupload component: by placing shell metacharacters in the filename, an attacker can execute code remotely. Users are advised to apply the manufacturer's recommended measures or to stop using the device if no fixes are available.
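The DrayTek flaw described above comes down to an uploaded filename reaching a shell. The following C example is added here for illustration and is not DrayTek's code or its fix; the function names, the 64-byte limit and the /bin/echo helper are assumptions. It shows the defensive pattern for an upload handler: allowlist the filename, then start the helper with execv so that no shell ever parses the name.

```c
#define _POSIX_C_SOURCE 200809L
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_UPLOAD_NAME 64  /* assumed limit, not taken from any vendor firmware */

/* Return 1 only if the name is a plain file name built from an allowlist.
 * Shell metacharacters (; | & $ etc.), spaces, quotes and '/' all fail. */
int is_safe_upload_name(const char *name)
{
    static const char allowed[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-";
    size_t len = name ? strlen(name) : 0;
    if (len == 0 || len > MAX_UPLOAD_NAME)
        return 0;
    if (name[0] == '.' || name[0] == '-')   /* no dotfiles, nothing option-like */
        return 0;
    return strspn(name, allowed) == len;    /* every byte must be allowlisted */
}

/* Run `helper <name>` without a shell. Returns the helper's exit status,
 * or -1 if the name is rejected or the process cannot be run. */
int run_helper_on_upload(const char *helper, const char *name)
{
    pid_t pid;
    int status;
    if (!is_safe_upload_name(name))
        return -1;                          /* rejected before any process starts */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper, (char *)name, NULL };
        execv(helper, argv);                /* argv is passed as-is, never parsed */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed inputs: one ordinary name, one carrying a metacharacter. */
    return !(is_safe_upload_name("backup_2024.cfg") == 1 &&
             run_helper_on_upload("/bin/echo", "backup.cfg;id") == -1);
}
```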
CVE-2021-4043: Vulnerability in GPAC Motion Spell
The third vulnerability, CVE-2021-4043 (CVSS score: 5.5), is in the Motion Spell GPAC software. It allows local attackers to cause a denial-of-service (DoS) condition. Although there are no confirmed cases of it being exploited for extortion, users should apply the manufacturer's suggested fixes or discontinue use.