Friday, May 2, 2025
HomeCyber Security NewsCISA Warns of 8 Frequently Exploited Flaws in Samsung and D-Link Devices

CISA Warns of 8 Frequently Exploited Flaws in Samsung and D-Link Devices

Published on

SIEM as a Service

Follow Us on Google News

The Cybersecurity & Infrastructure Security Agency (CISA) is well-known for providing preventive measures to all organizations based on their recent research and exploitation from threat actors.

CISA has recently added and published a list of 8 new vulnerabilities which are currently being exploited in the wild by attackers.

These new vulnerabilities were related to two major organizations, Samsung and D-Link. 

- Advertisement - Google News

CVE(s):

The 8 new vulnerabilities are,

D-Link Vulnerability

  • CVE-2019-17621: D-Link DIR-859 Router Command Execution Vulnerability

This vulnerability exists in the UPnP endpoint of D-Link and has a CVSS Score of 9.8 (Critical).

  • CVE-2019-20500: D-Link DWL-2600AP Access Point Command Injection Vulnerability

This vulnerability exists in the configBackup or downloadServerip parameter and has a CVSS Score of 7.8 (High).

Earlier in March 2023, the threat actors leveraged the following D-Link (CVE-2019-17621, CVE-2019-20500) vulnerabilities to spread a variant of the Mirai botnet.

Samsung Mobile Devices Vulnerability

  • CVE-2021-25487: Samsung Mobile Devices Out-of-Bounds Read Vulnerability

This vulnerability exists due to the lack of boundary checking in a buffer and has a CVSS Score of 7.8 (High).

  • CVE-2021-25489: Samsung Mobile Devices Improper Input Validation Vulnerability

This vulnerability exists due to improper input validation in the modem interface and has a CVSS Score of 5.5 (Medium).

This vulnerability exists as a race condition in charger drivers and has a CVSS Score of 6.4 (Medium).

A race condition in the charger driver allows local attackers to bypass signature checks. This vulnerability has a CVSS Score of 6.4 (Medium).

This vulnerability in the DSP driver allows attackers to load arbitrary ELF libraries and has a CVSS Score of 6.7 (Medium).

  • CVE-2021-25372: Samsung Mobile Devices Improper Boundary Check Vulnerability

This vulnerability exists due to improper boundary checks in the DSP driver, allowing out-of-bounds memory access and having a CVSS Score of 6.7 (Medium).

As of now, there have not been any publicized instances of Samsung mobile device vulnerabilities being exploited, which have been included in CISA’s ‘must-patch’ list this week. However, it is highly likely that a commercial spyware vendor has already capitalized on these vulnerabilities.

This list has been released as part of the Binding Operational Directive, which is working on reducing the risks these known exploits can bring to the federal enterprise.

Users of these products are advised to upgrade to the latest vendor patches provided to eliminate the risk of a cyber attack.

“AI-based email security measures Protect your business From Email Threats!” – .

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...