
"CVE-2024-57726 is a missing authorization vulnerability in SimpleHelp that could allow low-privileged technicians to create API keys with excessive permissions, which can then be used to escalate privileges to the server admin role."
"CVE-2024-57728 allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file, which can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user."
"CVE-2024-7399 in Samsung MagicINFO 9 Server could allow an attacker to write arbitrary files as system authority, posing significant security risks."
"CVE-2025-29635 in D-Link DIR-823X series routers allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting."
CISA has identified four vulnerabilities in SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers, all showing evidence of active exploitation. CVE-2024-57726 and CVE-2024-57728 in SimpleHelp allow unauthorized privilege escalation and arbitrary file uploads, respectively. CVE-2024-7399 in Samsung MagicINFO enables arbitrary file writes with system authority. CVE-2025-29635 in D-Link routers permits an authorized attacker to execute commands via a POST request. These vulnerabilities have been linked to ransomware campaigns and botnet activity, necessitating immediate mitigation measures.
Read at The Hacker News