Targeted Attacks using Exploited RCE Bug in Over 92,000 D-Link NAS Devices

    The Importance of Securing Your Network Attached Storage Devices

    In today’s digital age, more and more devices are connected online, making it easier for attackers to exploit vulnerabilities and gain access to sensitive information. One such vulnerable device is D-Link’s Network Attached Storage (NAS) devices, which are now being actively targeted by threat actors.

    According to recent reports, over 92,000 end-of-life D-Link NAS devices have been exposed online and remain unpatched against a critical remote code execution (RCE) zero-day flaw.

    The vulnerability, which is the result of a backdoor facilitated through a hardcoded account and a command injection issue, can be used by attackers to execute arbitrary commands, potentially leading to unauthorized access to sensitive information, system configuration modification, or even denial of service attacks.

    Not only are the attackers exploiting this vulnerability, but they are also using it in conjunction with a variant of the notorious Mirai malware to add infected devices to a botnet that can then be used in DDoS attacks.

    This is a clear reminder of the importance of securing all devices connected to the internet, especially those that contain sensitive data. As D-Link no longer supports these end-of-life NAS devices, it is recommended to replace them with newer models that receive firmware updates regularly.

    D-Link’s Response and Recommendations

    After the security vulnerability was disclosed, D-Link released a security advisory and created a support page for legacy devices, advising owners to retire or replace the affected devices as soon as possible. However, many of these devices do not have automatic online updating or alert delivery capabilities, making it difficult for owners to be aware of ongoing attacks.

    In the US, where these devices are still in use, D-Link warns users to make sure they have the latest firmware installed. Additionally, NAS devices should not be exposed online as they are a common target for ransomware attacks, often resulting in data theft or encryption.

    It is crucial to regularly check for and apply security updates for all connected devices, and to keep them secure from potential attacks by not exposing them online.

    As technology continues to advance, it is essential to stay aware of potential risks and take necessary steps to secure devices and protect sensitive data. With timely updates and proper security measures, we can help prevent attacks and keep our devices and data safe.

    Image: Midjourney

    Vulnerable D-Link NAS devices exposed online
    Vulnerable D-Link NAS devices exposed online (Netsecfish)

    The Risks of End-of-Life Devices

    The recent targeting of end-of-life D-Link NAS devices highlights the potential risks associated with using these devices beyond their service life. Not only are these devices no longer being supported and updated by the manufacturer, but they are also more likely to have vulnerabilities that can be easily exploited by attackers.

    With cyber threats becoming increasingly sophisticated, it is necessary to regularly update and replace older devices to ensure the security of our data and networks.

    The table below shows the end-of-service life dates and information on fixed firmware for the affected D-Link NAS device models:

    Model End of Service Life Fixed Firmware Recommendation
    DNS-320L 05/31/2020: Link Not Available Retire & Replace
    DNS-325 09/01/2017: Link Not Available Retire & Replace
    DNS-327L 05/31/2020: Link Not Available Retire & Replace
    DNS-340L 07/31/2019: Link Not Available Retire & Replace

    Note: The above table is for reference only and may not be up to date. Please refer to D-Link’s official support website for the latest information on security updates for legacy devices.

    It is clear that the best course of action is to retire and replace end-of-life devices, and only use devices that are actively supported and receive regular security updates.


    In conclusion, it is essential to prioritize network security and regularly check for and apply updates to all devices, especially end-of-life devices that are vulnerable to attacks. By following the manufacturer’s recommendations and replacing outdated devices, we can prevent potential data breaches and secure our networks from cyber threats.

    Latest articles

    Related articles

    Leave a reply

    Please enter your comment!
    Please enter your name here