Approx. read time: 2.6 min.
Post: Over 92,000 D-Link NAS Devices Vulnerable Due to Security Flaws
Over 92,000 D-Link NAS Devices Vulnerable Due to Security Flaws
The digital security landscape has witnessed a concerning revelation as over 92,000 D-Link Network Attached Storage (NAS) devices have been exposed online, harboring critical security flaws. This discovery, made by the vigilant threat researcher Netsecfish, brings to light the vulnerabilities present in multiple end-of-life D-Link NAS models, potentially putting thousands of users at risk of unauthorized access and data breaches.
Understanding the Flaws: A Closer Look
At the heart of this security concern are two major issues identified within the /cgi-bin/nas_sharing.cgi script, specifically in its HTTP GET Request Handler component. Tracked as CVE-2024-3273, the vulnerabilities consist of a hardcoded backdoor account, with the username “messagebus” and an empty password field, alongside a command injection flaw via the “system” parameter.
These vulnerabilities, when exploited in tandem, could allow remote attackers to execute arbitrary commands on the devices. This flaw arises from the manipulation of the “system” parameter through the addition of a base64-encoded command via an HTTP GET request, subsequently executed by the device. The successful exploitation of this vulnerability could lead to unauthorized access, sensitive information disclosure, system configuration modifications, or even denial of service conditions.
Impacted Device Models
The specific D-Link NAS models impacted by CVE-2024-3273 include:
- DNS-320L Versions 1.11, 1.03.0904.2013, 1.01.0702.2013
- DNS-325 Version 1.01
- DNS-327L Versions 1.09, 1.00.0409.2013
- DNS-340L Version 1.08
Vendor Response and Recommendations
Upon contacting D-Link regarding a potential patch for the flaw, it was revealed that the affected NAS devices are considered end-of-life (EOL) and are no longer supported. D-Link has ceased development resources for these products, emphasizing the need for users to retire and replace these outdated models.
In response to this issue, D-Link has published a security bulletin to raise awareness among users about the flaw and the urgent need to replace or retire the vulnerable devices. Although no patches will be released to address the newly discovered vulnerabilities, D-Link recommends applying the latest available updates and advises against exposing NAS devices directly to the internet due to the risk of attacks, including ransomware.
Mitigating the Risk
For users insisting on utilizing these end-of-life devices, it’s crucial to apply all available updates and take measures to enhance their security posture. This includes, but is not limited to, ensuring the devices are not accessible from the internet and implementing robust network security practices to safeguard against potential attacks.
As the digital threat landscape continues to evolve, this incident serves as a stark reminder of the importance of maintaining up-to-date hardware and software to protect against vulnerabilities. For D-Link NAS device owners, the path forward involves critically assessing the risks associated with continuing the use of vulnerable devices and considering the replacement with supported models that receive regular firmware updates.
Related Posts
About the Author: Bernard Aybout (Virii8)
