Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars

Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar. 

D-Link NAS CVE-2024-3273 exploited

A second identifier has been assigned to the recently disclosed D-Link network-attached storage (NAS) device vulnerabilities, just as attack attempts have soared.

An individual who uses the online moniker ‘NetworkSecurityFish’ has made public the details of a couple of vulnerabilities that can allow an unauthenticated attacker to hack some D-Link NAS devices.

Attacks can be launched by chaining a hardcoded credentials issue allowing remote access to the device’s web management interface, and a command injection bug. Initially the CVE-2024-3273 was assigned to both flaws, but a second identifier has now been assigned. CVE-2024-3272 is associated with the hardcoded credentials vulnerability and CVE-2024-3273 is for the command injection bug. 

D-Link has published an advisory to inform customers about the vulnerabilities, but the vendor is not releasing patches because all of the affected products have reached end of life. The company is urging customers to replace impacted NAS appliances.

NetworkSecurityFish’s advisory lists four impacted NAS device models, which were initially the only ones listed in D-Link’s advisory as well. However, D-Link has now added 16 other DNS-series device models to its advisory. 

The first exploitation attempts targeting CVE-2024-3273 and CVE-2024-3272 were observed just days after the vulnerabilities came to light. However, the number of exploitation attempts was initially small.

Threat intelligence firm GreyNoise had only seen attacks coming from a single IP address. The number has now increased to 140 unique IPs. 

The Shadowserver Foundation, which has also been tracking exploitation attempts, reported seeing over 150 IPs attempting to exploit the D-Link NAS vulnerabilities as of April 10. 

Advertisement. Scroll to continue reading.

The non-profit cybersecurity organization noted that some of the attacks are associated with Mirai-like botnets, which typically abuse IoT devices to launch DDoS attacks.

The researcher who disclosed the vulnerabilities reported seeing more than 92,000 affected devices connected to the internet, but SecurityWeek noted when the attacks started that the actual number of vulnerable devices appears to be much smaller. 

Indeed, GreyNoise reported seeing roughly 5,500 impacted devices, and Shadowserver is seeing approximately 2,400 devices. 

The US cybersecurity agency CISA on Thursday added both CVE-2024-3273 and CVE-2024-3272 to its Known Exploited Vulnerabilities catalog, instructing government agencies to address them by May 2. CISA’s catalog includes an additional 16 D-Link product vulnerabilities.

Related: D-Link Says Hacker Exaggerated Data Breach Claims

Related: Western Digital, Synology NAS Vulnerabilities Exposed Millions of Users’ Files

Related: 30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Fastly announced that Scott Lovett will join the company as Chief Revenue Officer, effective June 3, 2024.

Digital transformation consulting firm Synechron has hired Aaron Momin as CISO.

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

More People On The Move

Expert Insights