The US Cybersecurity and Infrastructure Security Agency (CISA) has added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows –
- CVE-2024-51378 (CVSS Score: 10.0) – Incorrect default permissions vulnerability that could allow authentication bypass and execution of arbitrary commands using shell metacharacters in the statusfile property
- CVE-2023-45727 (CVSS Score: 7.5) – Improper restriction of XML External Entity (XXE) reference vulnerability that could allow a remote, unauthenticated attacker to launch an XXE attack
- CVE-2024-11680 (CVSS Score: 9.8) – Improper authentication vulnerability that allows a remote, unauthenticated attacker to create accounts, download web shells, and inject malicious JavaScript
- CVE-2024-11667 (CVSS Score: 7.5) – Path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL
The inclusion of CVE-2023-45727 in the KEV catalog follows a Trend Micro report published on November 19, 2024, that linked its active exploitation to a China-based cyberespionage group dubbed Earth Kasha (aka MirrorFace).
Then last week, cybersecurity vendor VulnCheck revealed that attackers tried to weaponize CVE-2024-11680 back in September 2024 to drop post-exploitation payloads.
The abuse of CVE-2024-51378 and CVE-2024-11667, on the other hand, has been attributed to different ransomware campaigns such as PSAUX and Helldown, according to Censys and Sekoia.
Federal Civilian Executive Branch (FCEB) agencies are advised to address the identified vulnerabilities by December 25, 2024, to secure their networks.
Multiple bugs in I-O DATA routers under attack
The development comes as JPCERT/CC warned that three security flaws in the I-O DATA UD-LT1 and UD-LT1/EX routers are being exploited by unknown threat actors.
- CVE-2024-45841 (CVSS Score: 6.5) – Incorrect permission assignment for a critical resource vulnerability that could allow an attacker with access to the guest account to read sensitive files, including files containing credentials
- CVE-2024-47133 (CVSS Score: 7.2) – An operating system (OS) command injection vulnerability that could allow a user logged on with an administrator account to execute arbitrary commands
- CVE-2024-52564 (CVSS Score: 7.5) – Inclusion of undocumented features vulnerability that allows a remote attacker to disable the firewall function and execute arbitrary OS commands or modify the router’s configuration
While a patch for CVE-2024-52564 is available in firmware Ver2.1.9, fixes for the other two flaws are not expected until December 18, 2024 (Ver2.2.0).
In the meantime, the Japanese company is advising customers to keep the settings screen from being exposed to the internet by disabling remote management, changing default guest user passwords, and ensuring that administrator passwords are not trivial to guess.