Multiple Ransomware Groups Found to be Exploiting EntroLink VPN Appliance Zero-Day: Penetration Possible in Just Seconds
The zero-day is believed to affect the EntroLink PPX-AnyLink, an appliance popular with Korean companies. It can be used as a user authentication gateway or as a VPN that lets employees remotely access the company’s network and internal resources.
The exploit targeting these devices was released on September 13, 2021. It was originally sold on another forum for $50,000, but the administrator of a newly launched cybercrime forum released it for free as a promotion to raise the site’s profile among other cybercrime groups.
According to the post, the vulnerability is not yet patched, and the exploit can be used to abuse network protocols to execute remote code with root-level access on PPX-AnyLink devices.
The vulnerability is also described as an input validation issue, and compromising a device requires only a few seconds.
Researchers tracking ransomware attacks say that since the release of this exploit, ransomware-associated groups such as BlackMatter and LockBit have been using it to conduct intrusions.
EntroLink, a Korean network vendor, was informed by security researchers that the exploit had been released, but did not seem to engage with the researchers. A spokesperson for the company also refused to connect phone calls to a company representative responsible for the security of its products.
According to a tracker maintained by security researchers Allan Liska and Pancak3, the EntroLink PPX-AnyLink exploit is now the 54th zero-day vulnerability known to be exploited by ransomware groups.
I feel that enough time has passed to resolve the EntroLink PPX-AnyLink zero-day issue, as I have contacted the company numerous times with no response.