CISA Alerts on Exploitation of Zyxel and ProjectSend Flaws

Critical Cybersecurity Flaws Identified in Zyxel, I-O DATA Routers, and More

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several significant cybersecurity vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel. These vulnerabilities, which have been actively exploited, pose serious risks to organizations and individuals alike. In this article, we’ll discuss the details surrounding these vulnerabilities and how they can impact your cybersecurity posture.

Major Vulnerabilities in Zyxel and Other Products

CISA has flagged the following vulnerabilities that are currently being exploited:

  1. CVE-2024-51378 (CVSS score: 10.0)
    • This vulnerability allows for authentication bypass and execution of arbitrary commands via shell metacharacters in the statusfile property due to incorrect default permissions.
  2. CVE-2023-45727 (CVSS score: 7.5)
    • This issue involves improper restriction of XML External Entity (XXE) references, enabling remote, unauthenticated attackers to conduct XXE attacks.
  3. CVE-2024-11680 (CVSS score: 9.8)
    • An improper authentication vulnerability that allows remote attackers to create accounts, upload web shells, and embed malicious JavaScript.
  4. CVE-2024-11667 (CVSS score: 7.5)
    • A path traversal vulnerability in the web management interface that enables attackers to download or upload files via crafted URLs.

The recent inclusion of CVE-2023-45727 is particularly noteworthy, as a Trend Micro report from November 19, 2024, linked its exploitation to a cyber espionage group known as Earth Kasha (also referred to as MirrorFace). Additionally, cybersecurity firm VulnCheck revealed that malicious actors have been attempting to exploit CVE-2024-11680 since September 2024.

Impact on Federal Agencies

Federal Civilian Executive Branch (FCEB) agencies are advised to remedy the identified vulnerabilities by December 25, 2024, to safeguard their networks against potential breaches. The exploitation of CVE-2024-51378 and CVE-2024-11667 has already been associated with various ransomware campaigns, including PSAUX and Helldown, as reported by Censys and Sekoia.

Vulnerabilities in I-O DATA Routers

In a related development, JPCERT/CC has warned that three critical vulnerabilities in I-O DATA routers (models UD-LT1 and UD-LT1/EX) are under active attack:

  • CVE-2024-45841 (CVSS score: 6.5)
    • This flaw, caused by incorrect permission assignments, allows attackers with guest account access to read sensitive files, including those containing credentials.
  • CVE-2024-47133 (CVSS score: 7.2)
    • This vulnerability permits a logged-in administrative user to execute arbitrary commands through OS command injection.
  • CVE-2024-52564 (CVSS score: 7.5)
    • An undocumented feature allows remote attackers to disable firewall functions, execute arbitrary OS commands, and alter router configurations.

While patches for CVE-2024-52564 are now available in firmware version 2.1.9, fixes for the other two vulnerabilities are expected by December 18, 2024 (version 2.2.0). In the meantime, I-O DATA advises customers to secure their routers by limiting settings exposure, disabling remote management, changing default guest user passwords, and using strong administrator passwords.
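The following is an added example, not code from I-O DATA, JPCERT/CC, or this article's author: a small triage script that applies the fix versions and interim mitigations stated above to a device inventory. The inventory record, its field names, and the dotted numeric firmware string format are assumptions, and the sample devices are constructed.

```python
from dataclasses import dataclass

# Fix versions taken from the article text above.
FIXED_IN = {
    "CVE-2024-52564": (2, 1, 9),
    "CVE-2024-45841": (2, 2, 0),
    "CVE-2024-47133": (2, 2, 0),
}
AFFECTED_MODELS = {"UD-LT1", "UD-LT1/EX"}


@dataclass
class Router:  # hypothetical inventory record; field names are assumptions
    name: str
    model: str
    firmware: str
    remote_mgmt_enabled: bool
    default_guest_password: bool


def parse_version(text: str) -> tuple:
    """Turn '2.1.10' into (2, 1, 10) so comparison is numeric, not lexical."""
    parts = text.strip().lstrip("vV").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(router: Router) -> dict:
    """Return unpatched CVEs and interim mitigations still outstanding."""
    if router.model not in AFFECTED_MODELS:
        return {"unpatched": [], "mitigations": []}
    current = parse_version(router.firmware)
    unpatched = sorted(cve for cve, fixed in FIXED_IN.items() if current < fixed)
    mitigations = []
    if unpatched:  # interim hardening only matters while a fix is missing
        if router.remote_mgmt_enabled:
            mitigations.append("disable remote management")
        if router.default_guest_password:
            mitigations.append("change default guest password")
    return {"unpatched": unpatched, "mitigations": mitigations}


# Constructed sample inventory (not real devices).
INVENTORY = [
    Router("branch-a", "UD-LT1", "2.1.8", True, True),
    Router("branch-b", "UD-LT1/EX", "2.1.10", False, True),
    Router("hq", "UD-LT1", "2.2.0", True, False),
]
```

Comparing parsed tuples rather than raw strings matters here: a lexical comparison would rank "2.1.10" below "2.1.9" and wrongly report CVE-2024-52564 as unpatched.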

Conclusion

The cybersecurity landscape is constantly evolving, and awareness of these vulnerabilities is crucial for maintaining a robust defense. Organizations and individuals are encouraged to stay informed and take proactive measures to protect their systems.

For further insights on cybersecurity threats and best practices, feel free to share your thoughts in the comments or explore related articles on our website. Stay secure!


For more detailed information, you can visit CISA’s official page on Known Exploited Vulnerabilities.
