How can users protect their vulnerable D-Link NAS devices from exploitation?

Vulnerable D-Link NAS Devices: How Users Can Protect Themselves

Cybersecurity experts have uncovered a critical flaw in a range of D-Link network-attached storage (NAS) devices. Affecting over 92,000 legacy D-Link products, the vulnerability exposes these devices to malware attacks, data breaches, and malicious exploitation.

What is the Vulnerability?

The vulnerability stems from two security flaws—CVE-2024-3272 and CVE-2024-3273—that reside within the devices’ nas_sharing.cgi interface. The first flaw involves a hard-coded “backdoor” account that lacks a password, while the second flaw allows for command injection through the system parameter.

Exploitation of these flaws could grant attackers remote access to affected NAS devices, enabling them to execute commands, steal sensitive information, and disrupt system operations.

Affected Devices

The following D-Link NAS models are affected:

What Can Users Do?

As D-Link has discontinued support for these devices and will not be releasing patches, users are strongly advised to take immediate steps to protect their devices:

Threat Actors Exploiting the Vulnerability

Researchers from GreyNoise and Shadowserver have detected active exploitation attempts of the vulnerability in the wild. Attackers are leveraging the flaws to deliver malware, including the Mirai botnet, which can remotely control the affected devices.

The ease of exploitation and the prevalence of vulnerable devices make these attacks particularly concerning. Therefore, users are urged to take prompt action to protect their NAS devices and mitigate the potential damage.
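For defenders who want to check whether their own device has been probed, the following is an added example (not part of the original article or any vendor tooling). It scans access logs from a reverse proxy or firewall in front of the NAS for requests to nas_sharing.cgi and ranks those carrying a system parameter as high severity. The combined log format, the /cgi-bin/ path, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, placeholder parameter values).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2024:06:12:01 +0000] "GET /cgi-bin/nas_sharing.cgi?system=REDACTED HTTP/1.1" 200 45',
    '198.51.100.9 - - [10/Apr/2024:06:13:40 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.8 - - [10/Apr/2024:06:15:22 +0000] "POST /cgi-bin/nas_sharing.cgi HTTP/1.1" 200 12',
    '203.0.113.7 - - [10/Apr/2024:06:16:22 +0000] "GET /cgi-bin/NAS_sharing.cgi?cmd=1&SyStEm=REDACTED HTTP/1.1" 404 0',
]

def classify(line):
    """Return a finding dict for a request touching nas_sharing.cgi, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a parseable access-log line
    url = urlsplit(m["target"])
    # Decode percent-encoding and ignore case so trivial obfuscation still matches.
    if not unquote(url.path).lower().endswith("/nas_sharing.cgi"):
        return None
    params = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
    # A 'system' query parameter is the injection point named in CVE-2024-3273.
    # POST bodies are not logged, so other hits are flagged for manual review.
    severity = "high" if "system" in params else "review"
    return {"ip": m["ip"], "time": m["ts"], "method": m["method"],
            "status": int(m["status"]), "severity": severity}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "high" finding with a 200 status on a device that was reachable from the internet is a reason to treat the NAS as compromised rather than merely probed.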

Conclusion

The vulnerability in D-Link NAS devices poses a significant threat to users and highlights the importance of regular cybersecurity updates. By following the recommended precautionary measures, users can safeguard their devices, protect their data, and prevent exploitation by malicious actors.
