
CISAnalysis – September 8, 2022

Another day, another dozen vulnerabilities added to the ’log (as they say on TikTok). Imagine showing up to the office with this box of doughnuts: the classic powdered sugar zero-day in Chrome, jelly filled remote code execution in Oracle, and an overwhelming amount of old-fashioned glazed that’ll make your head spin.

What do we mean by old-fashioned glazed? Hardware. The CVEs we usually see added to the KEV are in software, SaaS tools, web browsers, or Windows. It is unusual to see so many vulnerabilities in hardware, and in routers in particular.

Of the dozen vulnerabilities, 50% are in routers. D-Link, a networking equipment manufacturer based in Taiwan, alone accounts for four of them, all affecting products that are end-of-life. One of them, CVE-2011-4723, involves storing cleartext passwords! Sorry, Charlie Sheen, but that is not “winning” (a vulnerability this old deserves an old reference).

CISA only adds vulnerabilities to the KEV catalog if there is clear remediation guidance. In this case, the action is clear: disconnect the product if still in use.

#cisa #cisanalysis #d-link #vulnerabilities #rce
