Gruppo ECP Advpress Automationtoday AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit Gruppo ECP Advpress Automationtoday AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Serious vulnerability discovered in D-Link NAS devices

High risk of cyber attacks for thousands of outdated NAS devices

A security flaw, identified as CVE-2024-3273, affects some no longer supported D-Link NAS models, exposing them to risks such as the execution of arbitrary commands. Over 92 thousand devices are at risk. D-Link recommends replacing obsolete equipment.
Gruppo ECP

FROM THE GAP TO THE FINISH LINE
We transform challenges into business successes
DISCOVER HOW

Gruppo ECP

FROM THE GAP TO THE FINISH LINE
We transform challenges
into business successes
DISCOVER HOW

This pill is also available in Italian language

A cybersecurity expert known as "Netsecfish" recently brought to light a critical security flaw affecting some Network Attached Storage (NAS) models manufactured by D-Link, which are no longer supported by the manufacturer due to the end of their life cycle. Identified with the code CVE-2024-3273, the offending vulnerability specifically affects the /cgi-bin/nas_sharing.cgi script, causing a problem related to command injection through the improper use of the "system" parameter.

Backdoors in hardware: a high security risk

The situation becomes further aggravated by discovering the existence of a backdoor, integrated through a pre-coded account in the firmware of the affected devices. The interconnection between this backdoor and the aforementioned command injection issue effectively allows remote execution of arbitrary commands on compromised hardware. This scenario potentially facilitates targeted attacks aimed at stealing sensitive data, modifying system settings or inducing a non-operational state of the service.

Risky situation for thousands of devices

Analyzes estimate that well over 92,000 D-Link NAS devices are susceptible to these threats and are currently connected to the network. In particular, the versions of the DNS-320L, DNS-325, DNS-327L and DNS-340L models are those indicated as vulnerable. Thanks to the "Netsecfish" report, it became known that these specific models, no longer receiving support from D-Link due to their EOL (End of Life) status, are destined to remain exposed to these risks without the possibility to receive corrective updates.

The company's advice to its users

Faced with this security issue, D-Link has made the decision not to release updates for these now obsolete models. Following contact with the researcher, the company confirmed its position, assuming the replacement of the devices at risk with more recent and supported versions as the only viable solution. A security bulletin has also been issued aimed at informing users of the existence of the vulnerability, in the hope that communication will encourage the adoption of preventive measures by updating the hardware in use.

Follow us on Twitter for more pills like this

04/09/2024 14:58

Marco Verro

Last pills

Cloudflare repels the most powerful DDoS attack ever recordedAdvanced defense and global collaboration to tackle new challenges of DDoS attacks

Silent threats: the zero-click flaw that compromises RDP serversHidden risks in remote work: how to protect RDP servers from invisible attacks

Discovery of vulnerability in Secure Boot threatens device securityFlaw in the Secure Boot system requires urgent updates to prevent invisible intrusions

North korean cyberattacks and laptop farming: threats to smart workingAdapting to new digital threats of remote work to protect vital data and infrastructures

Don’t miss the most important news
Enable notifications to stay always updated