CISA Warns of Actively Exploited Flaws in D-Link, DrayTek, Motion Spell, and SAP Products
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding four critical vulnerabilities that are actively being exploited in the wild. The vulnerabilities were discovered in products from D-Link, DrayTek, Motion Spell, and SAP, posing potential risks to users worldwide.
- CVE-2023-25280: D-Link DIR-820 Router Vulnerability
The first vulnerability, CVE-2023-25280 (CVSS score: 9.8), affects the D-Link DIR-820 router. This flaw allows remote, unauthorized attackers to gain root privileges via the ping_addr parameter in the ping.ccp component. Although there is no confirmed exploitation in ransomware campaigns thus far, the vulnerability remains a serious threat. Since the router is no longer supported, CISA advises users to discontinue its use immediately.
- CVE-2020-15415: DrayTek Router Vulnerability
The next vulnerability, CVE-2020-15415 (CVSS score: 9.8), is found in the DrayTek Vigor3900, Vigor2960, and Vigor300B routers. It enables arbitrary code execution via the cgi-bin/mainfunction.cgi/cvmcfgupload component. By exploiting shell metacharacters in the filename, an attacker can remotely execute code. Users are urged to apply the manufacturer’s recommended patches or cease using the device if fixes are unavailable.
- CVE-2021-4043: GPAC Motion Spell Vulnerability
The third vulnerability, CVE-2021-4043 (CVSS score: 5.5), involves GPAC software from Motion Spell. This null pointer dereference vulnerability allows local attackers to trigger a denial of service (DoS). Although there have been no confirmed cases of its exploitation for extortion, users should apply the patches provided by the manufacturer or discontinue using the software.
- CVE-2019-0344: SAP Commerce Cloud Vulnerability
The final vulnerability, CVE-2019-0344 (CVSS score: 9.8), affects SAP Commerce Cloud (formerly Hybris). It involves the deserialization of untrusted data in the mediaconversion and virtualjdbc extensions, potentially leading to code injection attacks. Users are advised to follow remediation guidance or discontinue the use of the affected components.
CISA strongly recommends that these vulnerabilities be addressed by October 21, 2024. Federal agencies must take timely action to protect their systems, including applying updates or discontinuing the use of vulnerable components.
