
Serious vulnerability discovered in D-Link NAS devices

High risk of cyber attacks for thousands of outdated NAS devices

A security flaw, identified as CVE-2024-3273, affects some D-Link NAS models that are no longer supported, exposing them to risks such as the execution of arbitrary commands. Over 92 thousand devices are at risk. D-Link recommends replacing obsolete equipment.


A cybersecurity researcher known as "Netsecfish" recently brought to light a critical security flaw affecting some Network Attached Storage (NAS) models manufactured by D-Link, which the manufacturer no longer supports because they have reached the end of their life cycle. Identified as CVE-2024-3273, the vulnerability specifically affects the /cgi-bin/nas_sharing.cgi script, where improper use of the "system" parameter causes a command injection problem.

Backdoors in hardware: a high security risk

The situation is aggravated by the discovery of a backdoor, built into the firmware of the affected devices in the form of a hard-coded account. Taken together, this backdoor and the command injection issue allow remote execution of arbitrary commands on the affected hardware. This scenario potentially facilitates targeted attacks aimed at stealing sensitive data, modifying system settings or rendering the service non-operational.
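A defensive illustration of the two paragraphs above, added here and not part of the original article or of D-Link's bulletin: a log review that flags requests to the script named in the article and marks those carrying the "system" parameter. The Combined Log Format (for example from a reverse proxy or firewall in front of the NAS), the function name and the sample lines are assumptions; the sample values are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote

# Script path and parameter named in the article for CVE-2024-3273.
VULN_PATH = "/cgi-bin/nas_sharing.cgi"
VULN_PARAM = "system"

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_suspicious(lines):
    """Return {source_ip: [(time, status, has_system_param), ...]} for hits on the CGI."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        # Split by hand: urlsplit() would treat a leading "//" as a host name.
        raw_path, _, query = m["target"].partition("?")
        # Decode %xx, collapse repeated slashes and ignore case, so trivially
        # obfuscated paths still match (over-matching is acceptable here).
        path = re.sub(r"/+", "/", unquote(raw_path)).lower()
        if path != VULN_PATH:
            continue
        params = parse_qs(query, keep_blank_values=True)
        has_param = any(k.lower() == VULN_PARAM for k in params)
        hits[m["ip"]].append((m["time"], int(m["status"]), has_param))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Apr/2024:10:01:02 +0000] "GET /cgi-bin/nas_sharing.cgi?system=PLACEHOLDER HTTP/1.1" 200 48 "-" "-"',
    '192.0.2.10 - - [09/Apr/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [09/Apr/2024:10:03:11 +0000] "GET //cgi-bin/nas%5Fsharing.cgi?System=PLACEHOLDER HTTP/1.1" 200 48 "-" "-"',
    '203.0.113.5 - - [09/Apr/2024:10:04:30 +0000] "GET /cgi-bin/nas_sharing.cgi HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_suspicious(SAMPLE_LOG).items():
        for when, status, has_param in events:
            tag = "system parameter present" if has_param else "probe of the script"
            print(f"{ip} {when} status={status} {tag}")
```

Parameters sent in a POST body do not appear in access logs, so any external request to this script on an affected model deserves review even when the parameter flag is false.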

Risky situation for thousands of devices

Analyses estimate that well over 92,000 D-Link NAS devices are susceptible to these threats and are currently connected to the network. In particular, versions of the DNS-320L, DNS-325, DNS-327L and DNS-340L models are indicated as vulnerable. The "Netsecfish" report made it known that these specific models, which no longer receive support from D-Link because of their EOL (End of Life) status, are destined to remain exposed to these risks with no possibility of receiving corrective updates.

The company's advice to its users

Faced with this security issue, D-Link has decided not to release updates for these now obsolete models. Following contact with the researcher, the company confirmed its position, indicating replacement of the devices at risk with more recent, supported versions as the only viable solution. A security bulletin has also been issued to inform users of the vulnerability, in the hope that the communication will encourage preventive measures in the form of updating the hardware in use.


04/09/2024 14:58

Editorial AI
