How can users protect their vulnerable D-Link NAS devices from exploitation?

Vulnerable D-Link NAS Devices: How Users Can Protect Themselves

Cybersecurity experts have uncovered a critical flaw in a range of D-Link network-attached storage (NAS) devices. Affecting over 92,000 legacy D-Link products, the vulnerability exposes these devices to malware attacks, data breaches, and malicious exploitation.

What is the Vulnerability?

The vulnerability stems from two security flaws—CVE-2024-3272 and CVE-2024-3273—that reside within the devices’ nas_sharing.cgi interface. The first flaw involves a hard-coded “backdoor” account that lacks a password, while the second flaw allows for command injection through the system parameter.

Exploitation of these flaws could grant attackers remote access to affected NAS devices, enabling them to execute commands, steal sensitive information, and disrupt system operations.

Affected Devices

The following D-Link NAS models are affected:

• DNS-320L
• DNS-325
• DNS-327L
• DNS-340L

What Can Users Do?

As D-Link has discontinued support for these devices and will not be releasing patches, users are strongly advised to take immediate steps to protect their devices:

• Retire and Replace: The most effective solution is to discontinue use of the affected NAS devices and replace them with more secure models.
• Isolate from the Internet: If replacement is not immediately feasible, disconnect the devices from the internet to minimize the risk of exploitation.
• Install Latest Firmware: For devices without internet access, ensure the latest available firmware is installed from D-Link’s legacy device support page.
• Disable Unnecessary Access: Disable Universal Plug and Play (UPnP) and remote internet access to the NAS devices unless absolutely necessary.
• Strong Passwords: Use strong passwords and regularly change them to minimize the risk of unauthorized access through the backdoor account.

Threat Actors Exploiting the Vulnerability

Researchers from GreyNoise and Shadowserver have detected active exploitation attempts of the vulnerability in the wild. Attackers are leveraging the flaws to deliver malware, including the Mirai botnet, which can remotely control the affected devices.

The ease of exploitation and the prevalence of vulnerable devices make these attacks particularly concerning. Therefore, users are urged to take prompt action to protect their NAS devices and mitigate the potential damage.

Conclusion

The vulnerability in D-Link NAS devices poses a significant threat to users and highlights the importance of regular cybersecurity updates. By following the recommended precautionary measures, users can safeguard their devices, protect their data, and prevent exploitation by malicious actors.

also read:How to Secure Mobile Banking Apps from Hacking Attempts?