
Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices

Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild.

An unpatched vulnerability that could affect many D-Link network-attached storage (NAS) devices is apparently being exploited in the wild.

The vulnerability, tracked as CVE-2024-3273, was disclosed recently — along with a proof-of-concept (PoC) exploit — by an individual who uses the online moniker ‘NetworkSecurityFish’. 

According to an advisory published by this individual on GitHub, the flaw impacts DNS-340L, DNS-320L, DNS-327L, and DNS-325, among other, unspecified models. While there is only one CVE identifier, there are two issues: hardcoded credentials that allow remote access to the device’s web management interface, and a command injection bug. 

Chained together, these weaknesses allow an unauthenticated attacker to execute arbitrary commands on a device, enabling them to gain access to information, change system configuration, or cause a DoS condition, NetworkSecurityFish said.

D-Link has published an advisory confirming that the four models named by NetworkSecurityFish are impacted, but it did not name any other affected models. The company is urging customers to stop using the impacted devices, since they reached end of life (EOL) several years ago and will not receive patches.

A few days after D-Link published its advisory, the cybersecurity industry started seeing attempts to exploit CVE-2024-3273.

Threat intelligence company GreyNoise is tracking exploitation attempts, and to date it has seen attacks coming from a single IP address.

The Shadowserver Foundation on Monday reported seeing “scans/exploits from multiple IPs”. 

It’s possible that some of the scans are conducted by cybersecurity companies or independent researchers, but malicious exploitation attempts are also likely occurring considering that it’s not uncommon for threat actors to target D-Link devices. 

The US cybersecurity agency CISA is currently aware of 16 D-Link product vulnerabilities that have been exploited in the wild. NAS devices in general are often targeted in malicious attacks. 

NetworkSecurityFish has published a screenshot of a search conducted using the FOFA search engine, which appears to show 92,000 results for what he claims are affected D-Link NAS devices. It’s unclear whether the search accurately reflects the number of impacted devices.

Shadowserver, for instance, shows only a few thousand internet-exposed devices that match the D-Link NAS models that are specifically named by the researcher and the vendor.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
