
Serious vulnerability discovered in D-Link NAS devices

High risk of cyber attacks for thousands of outdated NAS devices

A security flaw, identified as CVE-2024-3273, affects some no longer supported D-Link NAS models, exposing them to risks such as the execution of arbitrary commands. Over 92 thousand devices are at risk. D-Link recommends replacing obsolete equipment.


A cybersecurity researcher known as "Netsecfish" recently brought to light a critical security flaw affecting some Network Attached Storage (NAS) models manufactured by D-Link, which are no longer supported by the manufacturer because they have reached the end of their life cycle. Tracked as CVE-2024-3273, the vulnerability affects the /cgi-bin/nas_sharing.cgi script, where improper handling of the "system" parameter leads to command injection.

Backdoors in hardware: a high security risk

The situation is aggravated by the existence of a backdoor, in the form of a hard-coded account built into the firmware of the affected devices. Combined, the backdoor and the command injection issue allow remote execution of arbitrary commands on the affected hardware. This could enable targeted attacks aimed at stealing sensitive data, modifying system settings or rendering the service non-operational.
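Where one of these devices sits behind a web server or reverse proxy that keeps access logs, requests to the script named above can be singled out for review. The following Python code is an added example, not code from the article, the researcher or D-Link; it assumes the common/combined log format, and the sample lines, IP addresses and PLACEHOLDER values are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

# Script path and parameter named in the article for CVE-2024-3273.
VULN_PATH = "/cgi-bin/nas_sharing.cgi"
VULN_PARAM = "system"

# Assumption: access logs use the common/combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Apr/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [09/Apr/2024:10:02:13 +0000] "GET /cgi-bin/nas_sharing.cgi?system=PLACEHOLDER HTTP/1.1" 200 64',
    '203.0.113.5 - - [09/Apr/2024:10:03:44 +0000] "GET //cgi-bin/NAS_sharing.cgi?System=PLACEHOLDER HTTP/1.1" 404 0',
    '192.0.2.10 - - [09/Apr/2024:10:04:00 +0000] "GET /cgi-bin/nas_sharing.cgi HTTP/1.1" 200 32',
    'garbage line that is not an HTTP log entry',
]

def find_suspect_requests(lines):
    """Return a finding for every request that reaches the vulnerable script."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip lines that are not in the expected format
        raw_path, _, query = m["target"].partition("?")
        # Decode and normalise the path so encoded, doubled-slash or
        # mixed-case spellings are compared on equal terms.
        path = re.sub(r"/+", "/", unquote(raw_path)).lower()
        if path != VULN_PATH:
            continue
        names = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": int(m["status"]),
            # Only query-string parameters are visible in an access log;
            # a parameter sent in a request body would not appear here.
            "system_param": VULN_PARAM in names,
        })
    return findings

if __name__ == "__main__":
    for finding in find_suspect_requests(SAMPLE_LOG):
        print(finding)
```

Findings with `system_param` set to true and a 200 status are the ones to triage first.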

Risky situation for thousands of devices

Analyses estimate that well over 92,000 D-Link NAS devices are susceptible to these threats and are currently connected to the network. In particular, versions of the DNS-320L, DNS-325, DNS-327L and DNS-340L models are indicated as vulnerable. According to the "Netsecfish" report, these models no longer receive support from D-Link because of their EOL (End of Life) status, so they will remain exposed to these risks with no possibility of receiving corrective updates.

The company's advice to its users

Faced with this security issue, D-Link has decided not to release updates for these now obsolete models. Following contact with the researcher, the company confirmed its position, indicating replacement of the at-risk devices with more recent, supported versions as the only viable solution. It has also issued a security bulletin to inform users of the vulnerability, in the hope that this will encourage them to take preventive measures by replacing the hardware in use.


04/09/2024 14:58

Editorial AI
