
Critical RCE Bug Exploited in Over 92,000 D-Link NAS Devices

Over 92,000 D-Link Network Attached Storage (NAS) devices are currently exposed to a critical remote code execution (RCE) vulnerability, with attackers actively exploiting the flaw. The issue, identified as CVE-2024-3273, stems from a backdoor account with hardcoded credentials, coupled with a command injection vulnerability present in the devices’ firmware.

A security researcher known as ‘Netsecfish’ disclosed that the flaw lies in the ‘/cgi-bin/nas_sharing.cgi’ script of several D-Link NAS models, specifically in its HTTP GET request handler. The vulnerability allows attackers to execute arbitrary commands remotely by chaining access through the hardcoded backdoor account with a command injection via the “system” parameter.

The impacted D-Link NAS models include DNS-320L, DNS-325, DNS-327L, and DNS-340L, across various firmware versions. Over 92,000 of these devices have been found exposed online, leaving them open to attacks exploiting these security flaws.

Attackers exploiting this vulnerability can execute commands remotely on the devices, potentially leading to unauthorized access, data theft, system configuration changes, or denial of service.

Unfortunately, D-Link has stated that these models are end-of-life (EOL) and no longer supported, meaning that no firmware updates or patches will be released to address the vulnerabilities. The company recommends retiring the affected devices and replacing them with supported models that receive regular security updates. D-Link has published a security bulletin and set up a support page for legacy devices to raise awareness of the issue. Users are advised to apply any available updates and to avoid exposing NAS devices directly to the internet, which mitigates the risk from vulnerabilities of this kind.
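Until an affected NAS is retired, administrators can at least spot exploitation attempts in its web-server logs. The following detector, an added example and not code from D-Link or the researcher, flags any request to the ‘/cgi-bin/nas_sharing.cgi’ script that carries a “system” parameter, the injection point named above; the log format (Common Log Format) and the sample lines are constructed assumptions, and no account credentials or payloads appear in it.

```python
"""Flag CVE-2024-3273-style requests in NAS access logs (added example, assumptions noted)."""
import re
from urllib.parse import urlsplit, parse_qs

VULNERABLE_PATH = "/cgi-bin/nas_sharing.cgi"   # script named in the advisory
INJECTION_PARAM = "system"                     # command-injection parameter named in the advisory

# Common Log Format is an assumption; the real D-Link log layout may differ.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines: one hit, one benign page, one call to the script
# without the injection parameter.  "CONSTRUCTED" stands in for attacker-supplied data.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Apr/2024:10:12:01 +0000] "GET /cgi-bin/nas_sharing.cgi?acct=CONSTRUCTED&system=CONSTRUCTED HTTP/1.1" 200 512
198.51.100.4 - - [08/Apr/2024:10:12:05 +0000] "GET /web/home.html HTTP/1.1" 200 1024
203.0.113.7 - - [08/Apr/2024:10:12:09 +0000] "GET /cgi-bin/nas_sharing.cgi?acct=CONSTRUCTED HTTP/1.1" 403 64
"""


def flag_request(line):
    """Return an alert dict if the line matches the exploitation pattern, else None."""
    m = CLF_RE.match(line)
    if not m:
        return None                      # unparseable line: not our format
    url = urlsplit(m.group("target"))
    if url.path != VULNERABLE_PATH:
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # a blank system= still counts
    if INJECTION_PARAM not in params:
        return None
    return {
        "src_ip": m.group("ip"),
        "time": m.group("ts"),
        "method": m.group("method"),
        "status": int(m.group("status")),   # 200 on a hit suggests the chain succeeded
        "params": sorted(params),           # names only; values may carry attacker input
    }


def scan_log(text):
    """Run flag_request over every line and keep the alerts."""
    return [a for a in (flag_request(l) for l in text.splitlines()) if a]


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

A request to the script with the “system” parameter from an internet-facing source, especially one answered with HTTP 200, is the signal to isolate the device and review it for added accounts or configuration changes.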
