Summary
A critical vulnerability has been confirmed in several D-Link NAS devices, including the DNS-340L, DNS-320L, DNS-327L, and DNS-325; evidence suggests that other D-Link NAS models are also affected. The vulnerability, tracked as CVE-2024-3273 (CVSS 9.8), lies in the /cgi-bin/nas_sharing.cgi component of the HTTP GET request handler. By crafting a request to this component, an unauthenticated attacker can combine a set of hardcoded credentials with a command injection flaw to execute arbitrary commands on the device. A public exploit developed by NetSecFish confirms the issue, and internet scans by the same researcher indicate that over 92,000 devices are exposed.

Figure 1: NetSecFish Internet Scan (Github)
Impact Assessment
This vulnerability chains two flaws: a backdoor account whose hardcoded credentials can be supplied as the username and password parameters of the request, bypassing authentication (the hardcoded credentials are tracked separately as CVE-2024-3272), and a system parameter whose base64-encoded value is passed to a shell, giving command execution. Exploitation therefore gives an unauthenticated attacker command execution on the device, which can be used to retrieve sensitive information such as stored credentials, gain unauthorized access, change the configuration, and disrupt service.

Figure 2: NetSecFish Exploit (Github)
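As an added example (not code from this page, from D-Link, or from NetSecFish), the following Python script shows how the two flaws described above look in a NAS web-server access log and flags requests matching the public exploit pattern: a GET to /cgi-bin/nas_sharing.cgi carrying user and passwd parameters together with a base64-encoded command in the system parameter. The log lines, IP addresses, and request shapes are constructed for the example; the messagebus account name comes from the public disclosure.

```python
"""Flag CVE-2024-3273 exploitation attempts in a D-Link NAS web access log.

Added example, not code from D-Link or NetSecFish. Assumes Apache/nginx-style
combined log lines. The request shape it looks for follows the public
disclosure: GET /cgi-bin/nas_sharing.cgi with user/passwd parameters (the
hardcoded backdoor) and a base64-encoded command in the `system` parameter.
"""
import base64
import binascii
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (not real traffic). Two are exploitation
# attempts from one external address, two are ordinary local requests.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Apr/2024:11:02:13 +0000] "GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=aWQ= HTTP/1.1" 200 512 "-" "python-requests/2.31"
192.168.1.20 - - [08/Apr/2024:11:05:01 +0000] "GET /cgi-bin/login_mgr.cgi?cmd=login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Apr/2024:11:06:44 +0000] "GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=Y2F0IC9ldGMvcGFzc3dk HTTP/1.1" 200 2048 "-" "curl/8.0"
192.168.1.21 - - [08/Apr/2024:11:07:10 +0000] "GET /cgi-bin/nas_sharing.cgi?cmd=7&id=1 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Combined-log prefix: client, identity, user, [timestamp], "METHOD target proto", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

VULNERABLE_CGI = "/cgi-bin/nas_sharing.cgi"
BACKDOOR_USER = "messagebus"  # account named in the public disclosure


def decode_system_param(value: str) -> Optional[str]:
    """Decode the base64 `system` value; return None if it is not valid base64."""
    # parse_qs turns '+' into ' '; the base64 alphabet has no space, so every
    # space must originally have been a '+'.
    value = value.replace(" ", "+")
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", errors="replace")


def classify(target: str) -> Optional[dict]:
    """Return indicator details for a request target, or None if benign."""
    parts = urlsplit(target)
    if parts.path != VULNERABLE_CGI:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    indicators = []
    if "system" in params:
        indicators.append("system parameter present (command injection vector)")
    if "user" in params and "passwd" in params:
        indicators.append("user/passwd in query string (backdoor authentication)")
    if params.get("user") == [BACKDOOR_USER]:
        indicators.append(f"user={BACKDOOR_USER} (hardcoded account)")
    if not indicators:
        return None
    command = decode_system_param(params["system"][0]) if "system" in params else None
    return {"indicators": indicators, "command": command}


def scan_log(text: str) -> list:
    """Parse combined-log lines and return one record per suspicious request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-log line; skip it
        verdict = classify(m.group("target"))
        if verdict is not None:
            hits.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "status": m.group("status"),
                **verdict,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['timestamp']} {hit['ip']} status={hit['status']} "
              f"command={hit['command']!r}")
        for ind in hit["indicators"]:
            print(f"    - {ind}")
```

Running the script against archived logs of a listed model tells you whether the device was probed before it was taken offline; a hit with status 200 and a decoded command is a strong sign of successful exploitation and should trigger an incident response on anything that trusted the NAS. The same three indicators translate directly into an IDS signature on the HTTP URI.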
Affected Devices
The following devices are listed in D-Link's security advisory. Devices confirmed to be vulnerable by NetSecFish are marked as confirmed:
- DNS-120
- DNR-202L
- DNS-315L
- DNS-320
- DNS-320L (confirmed by NetSecFish)
- DNS-320LW
- DNS-321
- DNR-322L
- DNS-323
- DNS-325 (confirmed by NetSecFish)
- DNS-326
- DNS-327L (confirmed by NetSecFish)
- DNR-326
- DNS-340L (confirmed by NetSecFish)
- DNS-343
- DNS-345
- DNS-726-4
- DNS-1100-4
- DNS-1200-05
- DNS-1550-04
Remediation
Unfortunately, all affected devices are End-of-Sale (EoS) and End-of-Life (EoL), meaning they no longer receive security patches or updates. There is no official fix for this vulnerability and none is planned; D-Link recommends retiring these devices and replacing them with newer, supported hardware.
What It Means for You
If you use any of the D-Link NAS devices listed above, it is time to replace them. Research newer Network Attached Storage devices, assess your business requirements, and plan the replacement. Until the replacement is in place, take the device off the internet and restrict access to it to trusted hosts only.
Business Implications
Exploitation of this vulnerability gives an attacker unauthorized access to the NAS, compromising all files stored on the device. Attackers can execute commands and conduct denial-of-service attacks, leading to potential data, reputational, and monetary losses.
Recommendations
- Replace EoL Devices - Replace the affected NAS devices now, and for other equipment plan upgrades before End-of-Life so that no device is left running without security updates. Moving away from D-Link NAS devices is recommended.
- Secure Network - Never expose the NAS management interface directly to the internet (no port forwarding or UPnP), place the NAS on a segmented network reachable only from trusted hosts, and ensure Wi-Fi uses modern encryption with a unique password.
- Perform Backups - Regularly back up data held on the NAS to a separate location so that it can be restored if the device is compromised, wiped, or otherwise rendered inaccessible.
- Utilize Encryption - Encrypt sensitive data at rest (for example with AES-256) and in transit, so that stolen copies are unreadable without the key. Note the limitation: a volume the NAS has already unlocked is readable by anyone who gains command execution on the NAS, so encryption at rest protects against theft of the disks or of backups, not against a compromised device serving the data.
Associated Bulletins