Advisory

CISA warns of active exploitation of legacy D-Link routers

Take action: If you are using D-Link DIR-605, you should update it immediately. If you are using D-Link DIR-600 routers you should replace them.

The Cybersecurity and Infrastructure Security Agency (CISA) added two end-of-life D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog on May 16, urging immediate patching and retirement of these devices due to active exploitation.

  • CVE-2014-100005 (CVSS score 8.8) is a Cross-Site Request Forgery (CSRF) flaw that affects D-Link DIR-600 routers. It allows attackers to change router configurations by hijacking an existing administrator session. Exploiting this vulnerability grants unauthorized access, enabling the modification of network configurations, potentially redirecting traffic, blocking legitimate access, or launching attacks on other devices.
  • CVE-2021-40655 (CVSS score 7.5) is an information disclosure flaw that affects D-Link DIR-605 routers. It allows attackers to obtain usernames and passwords by forging a POST request to the /getcfg.php page. These credentials, exposed in plain text, can be used to access the router's settings or other accounts that reuse the same login information.

These vulnerabilities are critical because they are easy to exploit and are actively used by attackers. The D-Link DIR-605 should be updated as soon as possible. The DIR-600 routers affected by CVE-2014-100005 are no longer supported, so there is no patch; these devices should be replaced.
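As an added illustration (not part of CISA's advisory or any D-Link code), the Python below flags HTTP request records that match the two patterns described above: a POST to /getcfg.php, and a configuration-changing POST whose Referer host is not the router itself. The router address, the log line format and every path other than /getcfg.php are assumptions made for this example.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Address of the router's web admin interface (an assumption for this example).
ROUTER_HOST = "192.168.0.1"

# Constructed sample records in a simplified "client method path referer" form;
# paths other than /getcfg.php are placeholders, not real D-Link endpoints.
SAMPLE_LOG = """\
192.168.0.23 GET /index.php http://192.168.0.1/
192.168.0.23 POST /getcfg.php http://192.168.0.1/index.php
192.168.0.45 POST /config_update.cgi http://evil.example/page.html
192.168.0.45 POST /config_update.cgi http://192.168.0.1/config.php
192.168.0.50 POST /getcfg.php -
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def classify(method: str, path: str, referer: str, router_host: str) -> Optional[str]:
    """Return a finding label for one request, or None if it looks benign."""
    if method != "POST":
        return None
    # CVE-2021-40655 pattern: any POST to /getcfg.php deserves review, because a
    # successful one returns the admin credentials in plain text.
    if path == "/getcfg.php":
        return "CVE-2021-40655 candidate: POST to /getcfg.php"
    # CVE-2014-100005 pattern: a config-changing POST whose Referer host is not
    # the router was most likely triggered from another site. A missing Referer
    # ("-") cannot be verified, so it is flagged as well.
    ref_host = urlsplit(referer).hostname if referer != "-" else None
    if ref_host != router_host:
        return "CVE-2014-100005 candidate: cross-site POST to admin page"
    return None


def analyse(log: str, router_host: str = ROUTER_HOST) -> list:
    """Run classify() over each log line; returns (client, path, label) tuples."""
    findings = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, method, path, referer = m.groups()
        label = classify(method, path, referer, router_host)
        if label:
            findings.append((client, path, label))
    return findings


if __name__ == "__main__":
    for client, path, label in analyse(SAMPLE_LOG):
        print(f"{client} {path}: {label}")
```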