
Serious vulnerability discovered in D-Link NAS devices

High risk of cyber attacks for thousands of outdated NAS devices

A security flaw, identified as CVE-2024-3273, affects some no longer supported D-Link NAS models, exposing them to risks such as the execution of arbitrary commands. Over 92 thousand devices are at risk. D-Link recommends replacing obsolete equipment.

A cybersecurity expert known as "Netsecfish" recently disclosed a critical security flaw affecting some Network Attached Storage (NAS) models manufactured by D-Link that are no longer supported because they have reached the end of their life cycle. Tracked as CVE-2024-3273, the vulnerability affects the /cgi-bin/nas_sharing.cgi script, where improper handling of the "system" parameter allows command injection.

Backdoors in hardware: a high security risk

The situation is aggravated by the existence of a backdoor: a hard-coded account built into the firmware of the affected devices. Combined with the command injection issue, this backdoor allows remote execution of arbitrary commands on the affected hardware. This could enable targeted attacks aimed at stealing sensitive data, modifying system settings or causing a denial of service.
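Defenders who still have one of these devices behind a proxy or web server that keeps access logs can search for requests to the affected script that carry the "system" parameter. The following is an added example, not part of the original article or of any D-Link or Netsecfish material; it assumes combined-format access logs, and the sample log lines, addresses and values are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

# Script path and parameter name as given in the article.
VULN_PATH = "/cgi-bin/nas_sharing.cgi"
VULN_PARAM = "system"

# Assumed log layout: common/combined access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Apr/2024:10:01:02 +0000] "GET /cgi-bin/nas_sharing.cgi?system=PLACEHOLDER HTTP/1.1" 200 512',
    '198.51.100.4 - - [09/Apr/2024:10:02:10 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '192.0.2.55 - - [09/Apr/2024:10:03:30 +0000] "GET /cgi-bin//nas_sharing.cgi?a=1&%73ystem=PLACEHOLDER HTTP/1.1" 200 87',
    '198.51.100.4 - - [09/Apr/2024:10:04:00 +0000] "GET /cgi-bin/nas_sharing.cgi HTTP/1.1" 404 0',
    'not an access-log line',
]

def suspicious_requests(lines):
    """Return (ip, time, status) for each request to the affected script
    whose query string contains the 'system' parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format
        # Split by hand: urlsplit() would read a leading '//' as a host name.
        raw_path, _, query = m["target"].partition("?")
        # Normalise percent-encoding and repeated slashes before comparing.
        path = re.sub(r"/+", "/", unquote(raw_path))
        if path != VULN_PATH:
            continue
        # parse_qs percent-decodes parameter names as well as values.
        params = parse_qs(query, keep_blank_values=True)
        if VULN_PARAM in params:
            hits.append((m["ip"], m["time"], int(m["status"])))
    return hits

if __name__ == "__main__":
    for ip, when, status in suspicious_requests(SAMPLE_LOG):
        print(f"{when} {ip} requested {VULN_PATH} with '{VULN_PARAM}' (HTTP {status})")
```

Access logs do not record POST bodies, so this check only sees parameters passed in the URL.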

Risky situation for thousands of devices

Analyses estimate that well over 92,000 D-Link NAS devices susceptible to these threats are currently connected to the network. In particular, versions of the DNS-320L, DNS-325, DNS-327L and DNS-340L models are those indicated as vulnerable. According to the "Netsecfish" report, these models no longer receive support from D-Link due to their EOL (End of Life) status and will therefore remain exposed to these risks, with no possibility of receiving corrective updates.

The company's advice to its users

Faced with this security issue, D-Link has decided not to release updates for these now obsolete models. Following contact with the researcher, the company confirmed its position, indicating replacement of the at-risk devices with more recent, supported models as the only viable solution. It has also issued a security bulletin to inform users of the vulnerability, in the hope that this will encourage them to take preventive measures by upgrading the hardware in use.


04/09/2024 14:58

Marco Verro
