CISA Adds Owl Labs, Samsung, Realtek Bugs to Exploited Vulnerability List

The Cybersecurity and Infrastructure Security Agency (CISA) added eight bugs on Monday and another on Tuesday to its list of known exploited vulnerabilities, giving federal civilian agencies three weeks to patch the issues which affect products from MinIO, Samsung, Realtek, Zyxel, Laravel and Owl Labs. Cybersecurity experts focused in on the vulnerabilities affecting Owl Labs, which made up nearly half of the new additions. Owl Labs produces smart devices that enable video conferencing and more. All four vulnerabilities – CVE-2022-31459, CVE-2022-31461, CVE-2022-31462, and CVE-2022-31463 – affect the company’s Meeting Owl product, which is placed in meeting rooms and comes with a camera, speaker and microphone. When asked about whether they knew their products were attacked or exploited, an Owl Labs spokesperson disputed the addition to the list and said they have not heard from CISA about why these vulnerabilities were added to the catalog. "We have not seen any evidence of attacks or exploitation, and customers have not reported anything to us,” a spokesperson told Recorded Future News.