轉發 台灣電腦網路危機處理暨協調中心 TWCERTCC-200-202509-00000004

[內容說明]
1.【CVE-2020-24363】TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability (CVSS v3.1: 8.8)
【是否遭勒索軟體利用:未知】 TP-Link TL-WA855RE 存在關鍵功能未進行適當驗證的漏洞。未經身份驗證的攻擊者若與裝置位於同一網路，可能透過提交 TDDP_RESET POST 請求，強制設備回復出廠設定並重新啟動。攻擊者隨後可設定新的管理員密碼，進而取得未經授權的存取控制權限。受影響的產品可能已達產品生命週期結束(EoL)和／或終止產品支援(EoS)，建議使用者停止使用該產品。
【影響平台】 TP-Link TL-WA855RE V5 200731之前的版本

2.【CVE-2025-55177】Meta Platforms WhatsApp Incorrect Authorization Vulnerability (CVSS v3.1: 5.4)
【是否遭勒索軟體利用:未知】 Meta Platforms 的 WhatsApp 存在授權錯誤漏洞，起因於對已連結裝置同步訊息的授權檢查不完整。此漏洞可能使無關使用者得以在目標裝置上觸發並處理任意 URL 的內容。
【影響平台】請參考官方所列的影響版本
https://www.facebook.com/security/advisories/cve-2025-55177

3.【CVE-2023-50224】TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability (CVSS v3.1: 6.5)
【是否遭勒索軟體利用:未知】 TP-Link TL-WR841N 存在可藉由偽造方式繞過身份驗證的漏洞，該漏洞位於 httpd 服務(預設監聽 TCP 埠 80)，可能導致已儲存的憑證資訊外洩。受影響的產品可能已達產品生命週期終點(EoL)和／或服務終止(EoS)。建議使用者停止使用該產品。
【影響平台】 TP-Link TL-WR841N V12

4.【CVE-2025-9377】TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability (CVSS v3.1: 7.2)
【是否遭勒索軟體利用:未知】 TP-Link Archer C7(EU)及 TL-WR841N/ND(MS)存在作業系統指令注入漏洞，該漏洞位於家長控制頁面。受影響的產品可能已達產品生命週期結束(EoL)和／或終止產品支援(EoS)。建議使用者停止使用該產品。
【影響平台】
TP-Link TL-WR841N/ND(MS) V9 241108之前的版本
TP-Link Archer C7(EU) V2 241108之前的版本

5.【CVE-2025-38352】Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability (CVSS v3.1: 7.4)
【是否遭勒索軟體利用:未知】 Linux 核心存在TOCTOU競爭條件漏洞，對機密性、完整性與可用性造成高度影響。
【影響平台】
Linux kernel 2.6.36至5.4.295(不含)的版本
Linux kernel 5.5至5.10.239(不含)的版本
Linux kernel 5.11至5.15.186(不含)的版本
Linux kernel 5.16至6.1.142(不含)的版本
Linux kernel 6.2至6.6.94(不含)的版本
Linux kernel 6.7至6.12.34(不含)的版本
Linux kernel 6.13至6.15.3(不含)的版本
Linux kernel 6.16

6.【CVE-2025-48543】Android Runtime Use-After-Free Vulnerability (CVSS v3.1: 8.8)
【是否遭勒索軟體利用:未知】 Android Runtime存在記憶體釋放後使用漏洞，可能導致Chrome 沙箱逃逸，進而造成本機權限提升。
【影響平台】請參考官方所列的影響版本
https://source.android.com/security/bulletin/2025-09-01

7.【CVE-2025-53690】Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 9.0)
【是否遭勒索軟體利用:未知】 Sitecore Experience Manager(XM)、Experience Platform(XP)、Experience Commerce(XC) 以及Managed Cloud存在未經信任資料反序列化漏洞，與使用預設的machine key有關。此漏洞可能允許攻擊者利用外洩的ASP.NET machine key達成遠端程式碼執行。
【影響平台】請參考官方所列的影響版本
https://support.sitecore.com/kb

[影響平台]
詳細內容於內容說明欄之影響平台

[建議措施]
1.【CVE-2020-24363】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://www.tp-link.com/us/support/download/tl-wa855re/v5/#Firmware

2.【CVE-2025-55177】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://www.facebook.com/security/advisories/cve-2025-55177

3.【CVE-2023-50224】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://www.tp-link.com/en/support/download/tl-wr841n/v12/#Firmware

4.【CVE-2025-9377】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://www.tp-link.com/us/support/faq/4308/

5.【CVE-2025-38352】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://git.kernel.org/stable/c/2c72fe18cc5f9f1750f5bc148cf1c94c29e106ff
https://git.kernel.org/stable/c/2f3daa04a9328220de46f0d5c919a6c0073a9f0b
https://git.kernel.org/stable/c/460188bc042a3f40f72d34b9f7fc6ee66b0b757b
https://git.kernel.org/stable/c/764a7a5dfda23f69919441f2eac2a83e7db6e5bb
https://git.kernel.org/stable/c/78a4b8e3795b31dae58762bc091bb0f4f74a2200
https://git.kernel.org/stable/c/c076635b3a42771ace7d276de8dc3bc76ee2ba1b
https://git.kernel.org/stable/c/c29d5318708e67ac13c1b6fc1007d179fb65b4d7
https://git.kernel.org/stable/c/f90fff1e152dedf52b932240ebbd670d83330eca

6.【CVE-2025-48543】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://source.android.com/security/bulletin/2025-09-01

7.【CVE-2025-53690】 官方已針對漏洞釋出修復更新，請更新至相關版本
https://support.sitecore.com/kb

Forwarded from Taiwan Computer Network Crisis Response and Coordination Center (TWCERTCC-200-202509-00000004)

[Description]
1. [CVE-2020-24363] TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability (CVSS v3.1: 8.8)
[Exploited by Ransomware: Unknown] The TP-Link TL-WA855RE has a vulnerability where critical functions do not perform proper authentication. An unauthenticated attacker on the same network as the device could force the device to reset to factory settings and reboot by submitting a TDDP_RESET POST request. An attacker could then set a new administrator password, thereby gaining unauthorized access. The affected product may have reached End of Life (EoL) and/or End of Support (EoS). Users are advised to stop using this product.
[Affected Platforms] TP-Link TL-WA855RE V5 versions prior to 200731

2. [CVE-2025-55177] Meta Platforms WhatsApp Incorrect Authorization Vulnerability (CVSS v3.1: 5.4)
[Exploited by Ransomware: Unknown] Meta Platforms' WhatsApp contains an incorrect authorization vulnerability due to incomplete authorization checks on sync messages between connected devices. This vulnerability could allow an unauthorized user to trigger and process the content of arbitrary URLs on the target device.
[Affected Platforms] Please refer to the official list of affected versions.
https://www.facebook.com/security/advisories/cve-2025-55177

3. [CVE-2023-50224] TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability (CVSS v3.1: 6.5)
[Exploited by Ransomware: Unknown] The TP-Link TL-WR841N has an authentication bypass vulnerability in the httpd service (default listening on TCP port 80), which may lead to the disclosure of stored credential information. The affected product may have reached End of Life (EoL) and/or End of Service (EoS). Users are advised to stop using this product.
[Affected Platforms] TP-Link TL-WR841N V12

4. [CVE-2025-9377] TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability (CVSS v3.1: 7.2)
[Exploited by Ransomware: Unknown] TP-Link Archer C7(EU) and TL-WR841N/ND(MS) have an operating system command injection vulnerability located in the parental control interface. The affected products may have reached End of Life (EoL) and/or End of Support (EoS). Users are advised to stop using these products.
[Affected Platforms]
TP-Link TL-WR841N/ND(MS) V9 versions prior to 241108
TP-Link Archer C7(EU) V2 versions prior to 241108

5. [CVE-2025-38352] Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability (CVSS v3.1: 7.4)
[Exploited by Ransomware: Unknown] A TOCTOU race condition vulnerability exists in the Linux kernel, with a high impact on confidentiality, integrity, and availability.
[Affected Platforms]
Linux kernel versions 2.6.36 to 5.4.295 (excluding)
Linux kernel versions 5.5 to 5.10.239 (excluding)
Linux kernel versions 5.11 to 5.15.186 (excluding)
Linux kernel versions 5.16 to 6.1.142 (excluding)
Linux kernel versions 6.2 to 6.6.94 (excluding)
Linux kernel versions 6.7 to 6.12.34 (excluding)
Linux kernel versions 6.13 to 6.15.3 (excluding)
Linux kernel 6.16

6. [CVE-2025-48543] Android Runtime Use-After-Free Vulnerability (CVSS v3.1: 8.8)
[Exploited by ransomware: Unknown] Android A use-after-free vulnerability in the runtime could lead to a Chrome sandbox escape, potentially leading to local privilege escalation.
[Affected Platforms] Please refer to the official list of affected versions.
https://source.android.com/security/bulletin/2025-09-01

7. [CVE-2025-53690] Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 9.0)
[Exploited by Ransomware: Unknown] Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain an untrusted data deserialization vulnerability related to the use of a default machine key. This vulnerability could allow an attacker to exploit a compromised ASP.NET machine key to achieve remote code execution.
[Affected Platforms] Please refer to the official affected versions listed here.
https://support.sitecore.com/kb

[Affected Platforms]
For details, please refer to the affected platforms in the description section.

[Recommended Actions]
1. [CVE-2020-24363] A fix has been released for this vulnerability. Please update to the relevant version.
https://www.tp-link.com/us/support/download/tl-wa855re/v5/#Firmware

2. [CVE-2025-55177] A fix has been released for this vulnerability. Please update to the relevant version.
https://www.facebook.com/security/advisories/cve-2025-55177

3. [CVE-2023-50224] A fix has been released for this vulnerability. Please update to the relevant version.
https://www.tp-link.com/en/support/download/tl-wr841n/v12/#Firmware

4. [CVE-2025-9377] A fix has been released for this vulnerability. Please update to the relevant version.
https://www.tp-link.com/us/support/faq/4308/

5. [CVE-2025-38352] A fix has been released for this vulnerability. Please update to the relevant version.
https://git.kernel.org/stable/c/2c72fe18cc5f9f1750f5bc148cf1c94c29e106ff
https://git.kernel.org/stable/c/2f3daa04a9328220de46f0d5c919a6c0073a9f0b
https://git.kernel.org/stable/c/460188bc042a3f40f72d34b9f7fc6ee66b0b757b
https://git.kernel.org/stable/c/764a7a5dfda23f69919441f2eac2a83e7db6e5bb
https://git.kernel.org/stable/c/78a4b8e3795b31dae58762bc091bb0f4f74a2200
https://git.kernel.org/stable/c/c076635b3a42771ace7d276de8dc3bc76ee2ba1b
https://git.kernel.org/stable/c/c29d5318708e67ac13c1b6fc1007d179fb65b4d7
https://git.kernel.org/stable/c/f90fff1e152dedf52b932240ebbd670d83330eca

6. [CVE-2025-48543] A fix has been released for this vulnerability. Please update to the relevant version.
https://source.android.com/security/bulletin/2025-09-01

7. [CVE-2025-53690] A fix has been released for this vulnerability. Please update to the relevant version.
https://support.sitecore.com/kb