Here are the CVE updates for the week of April 14th through the 20th.
CRITICAL SEVERITY VULNERABILITIES
Remote Command Injection Vulnerability in VIVOTEK Network Cameras | CVE-2017-9828
Description: A command injection flaw in the /cgi-bin/admin/testserver.cgi endpoint of many VIVOTEK Network Cameras allows remote attackers to execute arbitrary shell commands as root. The vulnerability stems from improper input sanitization in the senderemail parameter. Verified affected models include IB8369, FD8164, and FD816BA, though other models with similar firmware may also be impacted. This issue is actively exploited and poses a high risk due to root-level access.
Potential Impacts:
- Remote Code Execution: Attackers can run arbitrary shell commands with root privileges on the device.
- Full Device Compromise: Gaining root access enables complete control over affected network cameras.
- Surveillance Evasion or Abuse: Attackers may disable or manipulate camera functionality, impacting physical security.
- Lateral Movement: Compromised devices may be used as entry points to infiltrate the broader network.
Mitigation Recommendations:
- Apply Firmware Updates: Check with VIVOTEK for updated firmware addressing this issue and patch all affected devices immediately.
- Restrict Network Access: Limit access to the camera interfaces using firewall rules or network segmentation.
- Disable Unused Services: Turn off any unnecessary services or CGI endpoints on the camera.
- Input Sanitization Review: Ensure all external inputs are properly sanitized to prevent injection vulnerabilities.
- Monitor for Exploitation: Log and monitor traffic to/from network cameras for suspicious HTTP requests targeting /cgi-bin/admin/testserver.cgi.
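One way to act on the monitoring recommendation above, as an added example that is not part of the original advisory: a small Python scanner that reads Apache-style access-log lines, picks out requests to /cgi-bin/admin/testserver.cgi, and flags a senderemail value carrying shell metacharacters. The log layout is assumed and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

VULN_PATH = "/cgi-bin/admin/testserver.cgi"
VULN_PARAM = "senderemail"
# Shell metacharacters that never belong in an e-mail address.
SHELL_META = re.compile(r"[;&|`$(){}<>\n]")

# Apache common/combined access-log layout (assumed; adjust for other formats).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def check_line(line):
    """Return a finding for a request to the vulnerable endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if unquote(url.path) != VULN_PATH:
        return None
    # parse_qs decodes once; decode again so a double-encoded ';' is still seen.
    values = [unquote(v) for v in parse_qs(url.query, keep_blank_values=True).get(VULN_PARAM, [])]
    hits = [v for v in values if SHELL_META.search(v)]
    finding = {"src": m.group("src"), "ts": m.group("ts"), "status": m.group("status")}
    if hits:
        finding.update(severity="high", value=hits[0])
    else:
        # Any request reaching this admin CGI is worth a note once access is restricted.
        finding.update(severity="info", value=None)
    return finding

def scan(lines):
    """Run check_line over an iterable of log lines and keep the findings."""
    return [f for f in map(check_line, lines) if f]

# Constructed sample log (not real traffic); line 2 carries an injected command.
SAMPLE_LOG = """\
10.0.0.5 - - [15/Apr/2025:10:01:02 +0000] "GET /cgi-bin/viewer/video.jpg HTTP/1.1" 200 5123
10.0.0.9 - - [15/Apr/2025:10:02:17 +0000] "GET /cgi-bin/admin/testserver.cgi?senderemail=a%40b.com%3Bid HTTP/1.1" 200 210
10.0.0.5 - - [15/Apr/2025:10:03:44 +0000] "GET /cgi-bin/admin/testserver.cgi?senderemail=ops%40example.com HTTP/1.1" 200 190
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

The "info" findings are useful after network access has been restricted, since any legitimate use of that CGI should then come only from known management hosts.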
Stack-Based Buffer Overflow in EFS Software Easy Chat Server | CVE-2017-9544
Description: EFS Software Easy Chat Server versions 2.0 to 3.1 are affected by a remote stack-based buffer overflow in the register.ghp component. The flaw is triggered via the registresult.htm endpoint when an overly long username parameter is submitted, leading to a Structured Exception Handler (SEH) overwrite. This may allow attackers to execute arbitrary code on the target system.
Potential Impacts:
- Remote Code Execution: Attackers may execute arbitrary code with the privileges of the vulnerable application.
- System Compromise: Successful exploitation can lead to full control of the target server.
- Denial of Service: A crash of the Easy Chat Server may occur, disrupting availability.
- Privilege Escalation: Attackers might leverage this flaw to escalate privileges if chained with other vulnerabilities.
Mitigation Recommendations:
- Update or Remove the Software: If possible, upgrade to a version where the vulnerability is patched, or discontinue use if no update is available.
- Input Validation: Ensure strict validation and length-checking of user input on the server side.
- Network Segmentation: Restrict access to the chat server to trusted networks or users.
- Deploy IDS/IPS: Use intrusion detection or prevention systems to detect and block malformed registration attempts targeting the vulnerability.
Authentication Bypass Vulnerability in D-Link DIR-615 Wireless N 300 Router | CVE-2017-9542
Description: The D-Link DIR-615 Wireless N 300 Router contains an authentication bypass vulnerability in the login.cgi endpoint. Due to improper validation of the password field, an attacker can send a crafted POST request to gain administrative access without valid credentials.
Potential Impacts:
- Device Takeover: Attackers can gain full administrative control of the router.
- Network Compromise: Unauthorized access may allow the attacker to modify router settings, intercept traffic, or launch attacks on connected devices.
- Loss of Configuration Integrity: Malicious changes to network configurations or firewall rules may result in service disruption or data leaks.
- Persistent Access: Attackers could install backdoors or malicious firmware to maintain long-term control.
Mitigation Recommendations:
- Update Firmware: Check with D-Link for a firmware update that addresses this vulnerability and apply it immediately.
- Restrict Web Access: Disable remote web management and restrict local access to trusted devices only.
- Use Strong Network Security: Change default credentials and apply strong, unique passwords for both admin and Wi-Fi access.
- Monitor Router Logs: Regularly review logs for unauthorized access or configuration changes.
HIGH SEVERITY VULNERABILITIES
Apple Multiple Products Memory Corruption Vulnerability | CVE-2025-31200 (CISA KEV): A memory corruption flaw in media file processing affected iOS, iPadOS, macOS Sequoia, tvOS, and visionOS prior to versions 18.4.1 (or 15.4.1 for macOS Sequoia). Triggered via maliciously crafted audio streams, the vulnerability could allow arbitrary code execution. Apple addressed the issue with improved bounds checking and confirmed reports of limited, targeted exploitation on iOS in sophisticated attacks.
Use-After-Free Vulnerability in USB Component of Google Chrome | CVE-2025-3620: A high-severity use-after-free flaw in the USB component of Chrome versions before 135.0.7049.95 allows remote attackers to corrupt memory by tricking users into visiting a malicious HTML page. This can lead to arbitrary code execution within the browser, potentially compromising the user’s system.
Denial of Service via Stack Exhaustion in Wireshark PROFINET IO Dissector | CVE-2017-9766: A denial of service vulnerability in Wireshark 2.2.7 affects the PROFINET IO dissector. The issue lies in the dissect_IODWriteReq function, where deeply nested PROFINET IO packets can trigger stack exhaustion. A remote attacker can exploit this flaw by sending specially crafted packets, causing Wireshark to crash during analysis.
MEDIUM SEVERITY VULNERABILITIES
SonicWall SMA100 Appliances OS Command Injection Vulnerability | CVE-2021-20035 (CISA KEV): An input sanitization flaw in the SMA100 management interface allows remote authenticated attackers to inject arbitrary commands as the ‘nobody’ user. This vulnerability may lead to denial-of-service (DoS) conditions.
Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability | CVE-2025-3620 (CISA KEV): A spoofing vulnerability in Windows NTLM authentication allows remote, unauthorized attackers to exploit improperly handled file names or paths. By manipulating these values, attackers can impersonate trusted users or systems over a network, compromising the integrity of the authentication process.
Apple Multiple Products Arbitrary Read and Write Vulnerability | CVE-2025-31201 (CISA KEV): A critical flaw in iOS, iPadOS, macOS Sequoia, tvOS, and visionOS (prior to 18.4.1, or 15.4.1 for macOS Sequoia) allowed attackers who already had an arbitrary read/write primitive to bypass Pointer Authentication, a key defense against memory corruption attacks such as ROP. Apple removed the vulnerable code and confirmed reports suggesting limited, targeted exploitation on iOS in advanced attacks.
FSBY Mobile Banking App SSL Certificate Validation Flaw | CVE-2017-9586: Version 3.0.0 of the FSBY Mobile Banking iOS app by First State Bank of Yoakum fails to properly validate X.509 SSL certificates during HTTPS communication. This critical flaw allows man-in-the-middle attackers to spoof servers with crafted certificates, enabling interception and modification of sensitive banking data.