From April 11th, 2022, to the 15th, the week ended with twenty-eight new “exploits in the wild”, as reported by CISA, the Cybersecurity and Infrastructure Security Agency. Exploits ranged from weaknesses on current products in use to older unsupported and end-of-life devices. Here are ones I thought were particularly relevant to the remote working digital nomad.
DNS-320 Storage Device
Remote Code Execution Vulnerability
D-Link Products – DNS-320 – ShareCenter® 2-Bay Network Storage Enclosure, (2) 3.5″ Bays, SATA, RAID 0/1, Gigabit Ethernet Port, USB Print Server (force.com)
The importance and options for digital media storage depend on your needs. Cloud storage is widely available and useful for the digital nomad. For remote or home-based work, onsite storage may be a requirement. The risk with managing your own storage is having to keep it secure, updated, and dependable. As the online storage continues to evolve, periodically reviewing your storage requirements is wise. Now is the time to assess your alternatives if you have this D-Link device.
A bad actor can execute code on this device without your knowledge, exposing your environment to additional exploitation.
Recommendation:
The impacted product is end-of-life and should be disconnected if still in use.
NVD – CVE-2019-16057 (nist.gov)
D-Link DNS-320 ShareCenter <= 2.05.B10 – Unauthenticated Remote code execution | CyStack Security
Adobe Flash Player
Remote Code Execution Vulnerability – and others
Adobe – Flash Player
The Adobe Flash Player is no longer vendor supported, not recommended for use, and nevertheless still pops up on active exploit lists. People are still using this product. If your work is relying on Flash, it is time to make a change.
A bad actor can execute through the Flash Player without your knowledge, directly exposing you to additional exploitation.
Recommendation:
The impacted product is end-of-life and should be disconnected if still in use.
Adobe Flash Player End of Life
Checkbox Survey
Deserialization of Untrusted Data Vulnerability – arbitrary code execution
Checkbox Survey: Powerful & Professional Online Survey Software
Checkbox Survey is a third-party tool to add survey functionality to ASP.NET websites. A website developer may utilize this product in code. You or your development team should check your version if used and follow the vender recommendations to mitigate or remediate the vulnerability.
Checkbox Survey prior to version 7.0 allow unauthenticated remote attackers to execute arbitrary code and expose data.
Recommendation:
Versions 6 and earlier for this product are end-of-life and must be removed from agency networks. Versions 7 and later are not considered vulnerable.
NVD – CVE-2021-27852 (nist.gov)
VU#706695 – Checkbox Survey insecurely deserializes ASP.NET View State data (cert.org)
Telerik UI for ASP.NET AJAX
Unrestricted File Upload Vulnerability and/or Remote Code Execution
Telerik & Kendo UI – .NET Components Suites & JavaScript UI Libraries
The Telerik UI components are a toolbox of .Net form controls, facilitating asynchronous data exchange between a client browser and a web server. A website developer may utilize this product in code. You or your development team should check your version if used and follow the vender recommendations to mitigate or remediate the vulnerability.
The combination of unrestricted file upload and remote code execution implies a malicious actor can leverage an exposed system for their own uses without your knowledge.
Recommendation:
Apply updates per vendor instructions.
Telerik RadControls Unrestricted File Upload in RadAsyncUpload | Telerik UI for ASP.NET AJAX
“Only the upgrade to R1 2020 (2020.1.114) or later can prevent the known vulnerabilities at the time of writing.”