CISA Adds Samsung Phone Vulnerabilities to Its “Must Patch” Vulnerabilities Catalog
- The Cybersecurity and Infrastructure Security Agency (CISA) has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including vulnerabilities affecting D-Link routers and access points, and Samsung mobile devices.
- Users of the affected devices are advised to immediately update their firmware or software to the latest versions to protect against these active exploits.
In an ongoing effort to enhance cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) has identified and added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog. These additions are based on evidence of active exploitation in the wild, and they encompass a range of devices and manufacturers.

The first new addition, CVE-2019-17621, refers to a command execution vulnerability in the D-Link DIR-859 router. This vulnerability could allow an attacker to execute arbitrary commands on the system, potentially granting them full control over the affected device. Users of D-Link DIR-859 are advised to update their firmware to the latest version to mitigate this vulnerability.
CVE-2019-20500 is another D-Link vulnerability, this time affecting the DWL-2600AP Access Point. This command injection vulnerability could allow an attacker to inject malicious commands into the device, compromising its integrity and potentially the connected network. As with the previous vulnerability, D-Link DWL-2600AP users should update their device firmware as soon as possible.
The remaining six vulnerabilities added to the catalog pertain to various Samsung mobile devices. CVE-2021-25487 is an out-of-bounds read vulnerability. This could allow an attacker to read memory outside the buffer they are permitted to access, potentially exposing sensitive information stored on the device.
CVE-2021-25489, another Samsung-related vulnerability, involves improper input validation. This could allow an attacker to cause a denial of service, execute arbitrary code, or potentially even gain unauthorized access to the device, depending on the nature and extent of the improper validation.
Two similar vulnerabilities have also been identified, CVE-2021-25394 and CVE-2021-25395, both of which are race condition vulnerabilities. These could potentially allow an attacker to alter the normal flow of processes within the device, leading to a wide range of possible adverse effects. Both were fixed by Samsung in May 2021.
CVE-2021-25371 is an unspecified vulnerability. While the exact nature of this vulnerability is not detailed, Samsung mobile device users should remain vigilant and ensure their devices are kept up to date.
Finally, CVE-2021-25372 pertains to an improper boundary check vulnerability in Samsung mobile devices. This could allow an attacker to write data past the end of an allocated data structure, potentially leading to a crash, data corruption, or other unforeseen consequences.
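The two memory-safety classes named above, the out-of-bounds read (CVE-2021-25487) and the improper boundary check (CVE-2021-25372), both come down to a length that is trusted without being compared to the buffer it governs. As an added example, not code from CISA, D-Link or Samsung, the following C parser for a constructed length-prefixed record format shows the two checks a reviewer looks for: the declared length against the bytes actually received (guards the read), and against the fixed destination (guards the write). The record layout, `NAME_MAX`, and the sample messages are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not vendor code: a parser for a constructed wire format
 *   [type:1 byte][len:1 byte][name:len bytes]
 * whose attacker-controlled length field is validated against BOTH the
 * remaining input (out-of-bounds read) and the destination buffer
 * (out-of-bounds write / improper boundary check). */

#define NAME_MAX 16  /* assumed capacity of the name field */

typedef struct {
    uint8_t type;
    char name[NAME_MAX + 1];  /* NUL-terminated copy of the name field */
} record_t;

/* Returns the number of bytes consumed on success, 0 if the record is rejected. */
size_t parse_record(const uint8_t *buf, size_t buf_len, record_t *out)
{
    if (buf == NULL || out == NULL || buf_len < 2) {
        return 0;  /* the two-byte header itself does not fit */
    }
    uint8_t type = buf[0];
    size_t len = buf[1];

    /* Check 1: the declared length must lie within the bytes we were given.
     * Without it, memcpy reads past the end of buf (out-of-bounds read). */
    if (len > buf_len - 2) {
        return 0;
    }
    /* Check 2: the declared length must fit the fixed destination.
     * Without it, memcpy writes past out->name (improper boundary check). */
    if (len > NAME_MAX) {
        return 0;
    }

    out->type = type;
    memcpy(out->name, buf + 2, len);
    out->name[len] = '\0';
    return 2 + len;
}

/* Constructed inputs exercising the happy path and both rejection paths. */
size_t demo_well_formed(void)
{
    record_t r;
    const uint8_t m[] = {0x01, 0x05, 'a', 'l', 'p', 'h', 'a'};
    return parse_record(m, sizeof m, &r);  /* 7: header + 5 name bytes */
}

/* Length field claims 32 bytes but only 2 follow: rejected by check 1. */
size_t demo_truncated(void)
{
    record_t r;
    const uint8_t m[] = {0x01, 0x20, 'a', 'b'};
    return parse_record(m, sizeof m, &r);  /* 0 */
}

/* Length field (40) is fully present in the input but exceeds NAME_MAX:
 * rejected by check 2, which is the one a parser that only validates
 * against the input length would miss. */
size_t demo_oversized(void)
{
    record_t r;
    uint8_t m[2 + 40];
    m[0] = 0x01;
    m[1] = 40;
    memset(m + 2, 'x', 40);
    return parse_record(m, sizeof m, &r);  /* 0 */
}

/* 1 if the well-formed record was decoded with the expected fields. */
int demo_well_formed_fields_ok(void)
{
    record_t r;
    const uint8_t m[] = {0x01, 0x05, 'a', 'l', 'p', 'h', 'a'};
    if (parse_record(m, sizeof m, &r) != 7) return 0;
    return r.type == 0x01 && strcmp(r.name, "alpha") == 0;
}

int main(void)
{
    printf("well-formed: %zu bytes consumed\n", demo_well_formed());
    printf("truncated:   %zu (rejected)\n", demo_truncated());
    printf("oversized:   %zu (rejected)\n", demo_oversized());
    printf("fields ok:   %d\n", demo_well_formed_fields_ok());
    return 0;
}
```

The ordering matters: check 1 uses `buf_len - 2`, which is safe only because the `buf_len < 2` guard runs first; with unsigned arithmetic, a header-only message would otherwise wrap the subtraction and pass the comparison.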
CISA urges users of all affected devices to apply patches and updates as soon as they become available. Keeping systems up to date is one of the most effective ways to protect against known vulnerabilities.