CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
嗯，用户让我帮忙总结一篇文章，控制在一百个字以内，而且不需要特定的开头。首先，我得仔细阅读文章内容，理解主要信息。文章讲的是美国网络安全和基础设施安全局（CISA）新增了四个漏洞到他们的已知被利用漏洞目录中。这些漏洞影响了SimpleHelp、三星MagicINFO 9服务器和D-Link DIR-823X系列路由器。每个漏洞都有不同的CVSS评分和描述，比如权限提升、路径遍历和命令注入等。接下来，我需要确定这些漏洞的严重性和影响。SimpleHelp的两个漏洞可能被用于勒索软件攻击，三星的漏洞与Mirai僵尸网络有关，而D-Link的漏洞则涉及tuxnokill变种。CISA建议在2026年5月8日前修复或停用相关设备。现在，我要把这些信息浓缩到100字以内。首先提到CISA新增四个高危漏洞，然后列出受影响的产品和漏洞类型，最后说明建议措施。可能会遗漏一些细节，比如具体的CVSS评分或攻击类型的具体描述，但要在字数限制内涵盖所有关键点。最终总结应该简洁明了，突出主要信息：新增四个高危漏洞、影响的产品、漏洞类型以及建议措施。 </think> 美国网络安全机构CISA新增四个高危漏洞至已知被利用目录，涉及SimpleHelp、三星MagicINFO 9服务器及D-Link路由器。这些漏洞包括权限提升、路径遍历及命令注入风险，并与勒索软件及Mirai僵尸网络活动相关联。建议用户尽快修复或停用受影响设备以应对威胁。 2026-4-25 05:8:0 Author: thehackernews.com(查看原文) 阅读量:16 收藏

Network Security / Infrastructure Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The list of vulnerabilities is below -

CVE-2024-57726 (CVSS score: 9.9) - A missing authorization vulnerability in SimpleHelp that could allow low-privileged technicians to create API keys with excessive permissions, which can then be used to escalate privileges to the server admin role.
CVE-2024-57728 (CVSS score: 7.2) - A path traversal vulnerability in SimpleHelp that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e., zip slip), which can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
CVE-2024-7399 (CVSS score: 8.8) - A path traversal vulnerability in Samsung MagicINFO 9 Server that could allow an attacker to write arbitrary files as system authority.
CVE-2025-29635 (CVSS score: 7.5) - A command injection vulnerability in end-of-life D-Link DIR-823X series routers that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function.

While both the SimpleHelp flaws have been marked as "Unknown" against the "Known To Be Used in Ransomware Campaigns?" Indicators, reports from Field Effect and Sophos revealed early last year that the issues were exploited as a precursor to ransomware attacks. One such campaign was attributed to the DragonForce ransomware operation.

The exploitation of CVE-2024-7399 has been linked to malicious activity deploying the Mirai botnet in the past. As for CVE-2025-29635, Akamai disclosed earlier this week that it recorded attempts against D-Link devices to deliver a Mirai botnet variant named "tuxnokill."

To mitigate the active threats, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the fixes or, in the case of CVE-2025-29635, discontinue the use of the appliance by May 8, 2026.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

文章来源: https://thehackernews.com/2026/04/cisa-adds-4-exploited-flaws-to-kev-sets.html
如有侵权请联系:admin#unsafe.sh