Sep 08, 2022
Another day, another dozen vulnerabilities added to the ’log (as they say on TikTok). Imagine showing up to the office with this box of doughnuts: the classic powdered-sugar zero-day in Chrome, jelly-filled remote code execution in Oracle, and an overwhelming amount of old-fashioned glazed that’ll make your head spin.
What do we mean by old-fashioned glazed? Hardware. Usually the CVEs we see added to the KEV are in software, SaaS tools, web browsers, or Windows. It is unusual to see so many vulnerabilities in hardware, and in particular in routers.
Of the dozen vulnerabilities, 50% of them are in routers. D-Link, a networking equipment manufacturer based in Taiwan, accounts for four vulnerabilities on its own, all affecting products that are end-of-life. One of them, CVE-2011-4723, involves storing cleartext passwords! Sorry, Charlie Sheen, but that is not “winning” (a vulnerability this old deserves an old reference).
CISA only adds vulnerabilities to the KEV catalog if there is clear remediation guidance. In this case, the action is clear: disconnect the product if still in use.
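The same triage the post does by hand (how many of a day's KEV additions are hardware, and which ones carry a "disconnect" rather than "patch" required action) can be scripted against the catalog's JSON feed. The block below is an added example, not code from the post or from CISA; the field names follow the public KEV JSON feed (cveID, vendorProject, product, vulnerabilityName, dateAdded, shortDescription, requiredAction, dueDate), while the entries themselves are constructed for the example, except CVE-2011-4723, which the post mentions. The CVE-PLACEHOLDER-* identifiers and the "ExampleNet" vendor are placeholders, not real entries.

```python
"""Triage one day's CISA KEV additions from a KEV-shaped JSON document.

Added example: the field names match the public KEV feed, but every entry
below is constructed, apart from CVE-2011-4723 (the D-Link cleartext
password entry the post mentions). CVE-PLACEHOLDER-* are not real CVEs.
"""
import json
from collections import Counter

KEV_SAMPLE = json.dumps({
    "title": "KEV feed (constructed sample)",
    "vulnerabilities": [
        {"cveID": "CVE-2011-4723", "vendorProject": "D-Link",
         "product": "Router (model placeholder)",
         "vulnerabilityName": "D-Link Router Cleartext Storage of a Password",
         "dateAdded": "2022-09-08",
         "shortDescription": "Stores passwords in cleartext.",
         "requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
         "dueDate": "2022-09-29"},
        {"cveID": "CVE-PLACEHOLDER-1", "vendorProject": "Google", "product": "Chrome",
         "vulnerabilityName": "Chrome zero-day (placeholder)",
         "dateAdded": "2022-09-08",
         "shortDescription": "Placeholder entry.",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2022-09-29"},
        {"cveID": "CVE-PLACEHOLDER-2", "vendorProject": "ExampleNet (placeholder)",
         "product": "Home Gateway firmware",
         "vulnerabilityName": "Gateway command injection (placeholder)",
         "dateAdded": "2022-09-08",
         "shortDescription": "Placeholder entry.",
         "requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
         "dueDate": "2022-09-29"},
        {"cveID": "CVE-PLACEHOLDER-3", "vendorProject": "Oracle",
         "product": "Oracle product (placeholder)",
         "vulnerabilityName": "Oracle remote code execution (placeholder)",
         "dateAdded": "2022-09-08",
         "shortDescription": "Placeholder entry.",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2022-09-29"},
        # Added a day earlier: exercises the date filter.
        {"cveID": "CVE-PLACEHOLDER-4", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Windows privilege escalation (placeholder)",
         "dateAdded": "2022-09-07",
         "shortDescription": "Placeholder entry.",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2022-09-28"},
    ],
})

# Keyword heuristic for "old-fashioned glazed": network gear and other
# devices whose fix is usually a firmware update or retirement, not a patch.
HARDWARE_HINTS = ("router", "gateway", "firmware", "switch", "appliance", "camera")


def load_entries(raw_json):
    """Return the list of vulnerability records from a KEV-shaped document."""
    return json.loads(raw_json)["vulnerabilities"]


def added_on(entries, date):
    """Entries whose dateAdded matches an ISO date string such as 2022-09-08."""
    return [e for e in entries if e.get("dateAdded") == date]


def is_hardware(entry):
    """True if product or vulnerability name mentions a hardware keyword."""
    text = f"{entry.get('product', '')} {entry.get('vulnerabilityName', '')}".lower()
    return any(hint in text for hint in HARDWARE_HINTS)


def hardware_share(entries):
    """Fraction of entries classified as hardware (0.0 for an empty list)."""
    if not entries:
        return 0.0
    return sum(is_hardware(e) for e in entries) / len(entries)


def action_class(entry):
    """Collapse the free-text requiredAction into disconnect / patch / other."""
    action = entry.get("requiredAction", "").lower()
    if "disconnect" in action or "remove" in action:
        return "disconnect"
    if "apply updates" in action or "patch" in action or "mitigation" in action:
        return "patch"
    return "other"


def triage(entries, date):
    """Summary of one day's additions: counts, hardware share, disconnect list."""
    day = added_on(entries, date)
    actions = Counter(action_class(e) for e in day)
    return {
        "date": date,
        "total": len(day),
        "hardware_count": sum(is_hardware(e) for e in day),
        "hardware_share": hardware_share(day),
        "actions": dict(actions),
        # Devices to pull off the network rather than wait for a patch cycle.
        "disconnect_now": sorted(e["cveID"] for e in day if action_class(e) == "disconnect"),
    }


if __name__ == "__main__":
    summary = triage(load_entries(KEV_SAMPLE), "2022-09-08")
    print(json.dumps(summary, indent=2))
```

Against the live feed you would replace KEV_SAMPLE with the downloaded JSON text; the point of the `disconnect_now` list is that end-of-life entries never get a patch, so they belong on an asset-removal ticket rather than in the patch queue.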
#cisa #cisanalysis #d-link #vulnerabilities #rce