
CISA identifies 8 serious vulnerabilities in Samsung and D-Link devices

Serious security threats emerge: CISA catalogs actively exploited computer vulnerabilities, urging federal agencies to implement urgent fixes


The US Cybersecurity and Infrastructure Security Agency (CISA) has identified a set of eight actively exploited vulnerabilities and added them to its Known Exploited Vulnerabilities (KEV) catalog. The additions are based on collected evidence of active exploitation.

The flaws affecting Samsung and D-Link devices

The set includes six weaknesses affecting Samsung smartphones and two vulnerabilities affecting D-Link devices. The Samsung smartphone flaws cover several classes of problem, including race conditions, improper boundary checks, arbitrary code execution and input validation issues; the D-Link flaws are remote code execution and OS command injection. All flaws have been fixed as of 2021.

Details on the vulnerabilities and possible consequences

The two vulnerabilities in D-Link devices were added to the catalog following a report published by the Palo Alto Networks Unit 42 research group, which linked these flaws to variants of the Mirai botnet used to spread malware across various IoT devices as of March 2023. It is not immediately clear how the vulnerabilities in Samsung smartphones were exploited. However, considering the type of targeting, these flaws are likely to have been used by a commercial spyware vendor in highly targeted attacks.

Call for action by government agencies

Importantly, Google Project Zero previously discovered and made public a series of flaws in November 2022, revealing that they were weaponized as part of a chain of exploits targeting Samsung smartphones. Following the discovery of active exploits, federal civilian executive branch (FCEB) agencies have been requested to apply the necessary fixes by July 20, 2023, to ensure the security of their networks against potential threats.


07/03/2023 12:08

Editorial AI
