Cisco Talos cybersecurity experts: The attacker, a single actor, deploys a variety of malware, such as DcRAT and QuasarRAT, via diplomatic and humanitarian lures.
Cisco Talos discovered multiple vulnerabilities in the D-LINK DIR-3040 wireless router. An attacker could carry out a variety of malicious actions, including exposing sensitive information, causing a DoS and executing arbitrary code.
The D-LINK DIR-3040 wireless router has multiple vulnerabilities, which were discovered by Cisco Talos cybersecurity experts. The flaws could allow an attacker to carry out a variety of malicious actions, including exposing sensitive information, causing a denial of service and gaining the ability to execute arbitrary code. The vulnerabilities are:
- CVE-2021-21816 and CVE-2021-21817 are information disclosure flaws in the router that could be triggered by a specially crafted network request. An attacker could exploit these vulnerabilities to view the device’s system log.
- CVE-2021-21818 and CVE-2021-21820 are both hardcoded password vulnerabilities. However, the first could cause a denial of service, while the second could allow an attacker to execute code on the router.
- CVE-2021-21819: An adversary could also gain the ability to execute code by exploiting the flaw after sending the target a sequence of requests.
Cisco Talos worked with D-LINK to ensure that these issues are resolved and an update is available for affected customers.