The Cybersecurity and Infrastructure Security Agency (CISA) has added 12 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Apple, Chrome, Android OS, D-Link (5), QNAP NAS, MikroTik, Oracle WebLogic, FortiOS and FortiADC flaws.
An attacker could exploit these vulnerabilities to take control of impacted systems.
D-Link CVE exploits
CISA added five D-Link CVEs to the exploited vulnerability catalog on September 8, 2022, two that could result in remote code execution:
- CVE-2022-28958: D-Link DIR-816L contains an unspecified vulnerability in the shareport.php value parameter which allows for remote code execution.
- CVE-2022-26258: D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution.
- CVE-2011-4723: D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.
- CVE-2018-6530: Multiple D-Link routers contain an unspecified vulnerability which allows for execution of OS commands.
- CVE-2011-4723: D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.
Chrome and Android OS CVE exploits
CISA also added a Google Chrome and Android OS vulnerability to the exploited vulnerability catalog.
On September 2, Google had released Chrome 105.0.5195.102 for Windows, Mac and Linux with a fix for a High severity zero-day vulnerability CVE-2022-3075 exploited in the wild.
Moreover, an older Android OS CVE-2011-1823 was added to the exploit catalog.
“The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor,” CISA noted.
Other CVE exploits
In addition, CISA added the following CVEs to the Known Exploited Vulnerabilities Catalog:
- CVE-2022-27593: QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.
- CVE-2018-7445: MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.
- CVE-2018-2628: Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.
- CVE-2018-13374: FortiOS and FortiADC contain an improper access control vulnerability which allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.
- CVE-2017-5521: Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server.