Vulnerability 1: D-Link Insufficient Credential Protection (7.2 High)
Description: D-Link is affected by a credential exposure vulnerability. Credential exposure allows an attacker the ability to access credentials without any hindrance at all, granting them access to critical systems. In the case of D-Link, credentials are insufficiently protected in D-Link DIR-2640-US 1.01B04 and in D-Link AC2600 (DIR-2640), credentials are stored on the device in plain text. Furthermore, the passwords of both devices are the same, and cannot be modified by normal users, enabling an attacker to easily log into a business network and obtain root privileges.
Likelihood: High – Exploiting this vulnerability grants attackers complete control over a network, being able to change settings, assign IPs etc.
Recommendation: We recommend installing a firewall to ensure all network traffic is filtered before entry. Furthermore, since attackers can gain access via the serial port on the router, physical security within the vicinity of the D-Link device should be implemented.
Vulnerability 2: PRTG Network Monitor CSRF (4.3 Medium)
Description: PRTG Network Manager has a Cross-Site Request Forgery vulnerability. CSRF enables attackers to execute malicious commands and actions on a web application. A successful CSRF attack can enable the attacker to perform change requests like updating account information or compromise the entire web application. In PRTG’s case, it will enable an attacker to edit settings or create a new user granting the attacker access to the entire system.
Likelihood: Medium – Since there exists a chance of persistent authentication, an attacker will likely exploit this vulnerability. The exploitation of this vulnerability will grant the attacker with highly sensitive information about a businesses network, therefore increasing the likelihood even more.
Recommendation: Since this vulnerability is for PRTG Network Manager 20.1.55.1775 we recommend updating to the latest version (21.2.68). Furthermore, we recommend placing a highly sensitive application like this, behind a Web Application Firewall (WAF) to filter & monitor network traffic into and out of this application to hinder external access.
Vulnerability 3: Sonatype Nexus Repository Manager Unauthenticated Access (4.3 Medium)
Description: Sonatype Nexus Repository Manager has an unauthenticated access vulnerability. This will enable an attacker to retrieve or send information to a critical database, site or server without authentication. This particular vulnerability allows a remote attacker to get a list of blob files and read the content of a blob file within the repository, via a GET request, without being authenticated. The impact is it will enable an attacker to retrieve raw data of sensitive files stored in your repository.
Likelihood: High – Since this repository manager is used by over 100,000 organisations around the globe it is highly likely that an attacker will exploit this vulnerability.
Recommendation: Since this vulnerability is for versions before 3.31.0 we recommend updating your Nexus repository manager to the latest version (3.31.1) to ensure the security of your files. Also, using multiple authentication methods like LDAP, Remote Use Token (RUT) or Atlassian Crowd will add further security measures around how the data in your repository is accessed.
