- Mar 13, 2022
CISA added eight new vulnerabilities to its catalog on Thursday, including two D-Link router and access point vulnerabilities exploited by a Mirai botnet variant. The six remaining security holes impact Samsung mobile devices and they were all patched by the technology giant in 2021.
The vulnerabilities include CVE-2021-25487, an out-of-bounds read in the modem interface driver that can lead to arbitrary code execution, fixed in October 2021. Samsung has classified the bug as ‘moderate’, but the bug’s NVD advisory says it’s ‘high severity’ based on its CVSS score.
The same October 2021 round of patches also addresses CVE-2021-25489, a low-severity format string bug in the modem interface driver that can lead to a DoS condition.
CISA adds 6 Samsung mobile device flaws to its Known Exploited Vulnerabilities catalog; the flaws have been exploited by a spyware vendor.