CISA added 12 more security flaws to its Known Exploited Vulnerabilities Catalog including four D-Link vulnerabilities.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 12 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including four vulnerabilities in D-Link routers, two Chrome zero-day issues, and a recently disclosed flaw in the QNAP Photo Station.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.
Below is the list of the flaws added to the catalog:
The vulnerabilities in D-Link routers added to the catalog are:
- CVE-2022-28958 D-Link DIR-816L Remote Code Execution Vulnerability
- CVE-2022-26258 D-Link DIR-820L Remote Code Execution Vulnerability
- CVE-2018-6530 D-Link Multiple Routers OS Command Injection Vulnerability
- CVE-2011-4723 D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability
Last week, Google rolled out emergency fixes to address a vulnerability, tracked as CVE-2022-3075, in the Chrome web browser that is being actively exploited in the wild. Now CISA added this flaw to the Catalog.
CISA also added the CVE-2022-27593 in QNAP NAS appliances to its catalog. This week, the Taiwanese vendor warned its customers of ongoing DeadBolt ransomware attacks that are exploiting a zero-day vulnerability in Photo Station.
CISA orders federal agencies to fix these vulnerabilities by September 29, 2022.
(SecurityAffairs – hacking, CISA)