The Shocking Truth: Over 92,000 D-Link NAS Devices Left Vulnerable with a Backdoor Account!

    Keeping Your Digital World Safe: D-Link Vulnerability Exposed

    Digital security concept

    In April 2024, a security researcher by the username of ‘Netsecfish’ has discovered a concerning flaw in multiple end-of-life D-Link Network Attached Storage (NAS) devices. This arbitrary command injection vulnerability, known as CVE-2024-3273, puts users’ sensitive information and system configurations at risk by allowing attackers to remotely execute commands on the device.

    The flaw lies within the’/cgi-bin/nas_sharing.cgi’ script and is caused by having a hardcoded backdoor account (username: “messagebus” and empty password) and a command injection vulnerability through the “system” parameter. When exploited together, this can lead to unauthorized access and denial of service on the device.

    Example of the malicious request
    Example of the malicious request (Netsecfish|GitHub)

    The affected NAS device models include DNS-320L Version 1.11, Version 1.03.0904.2013, and Version 1.01.0702.2013, DNS-325 Version 1.01, DNS-327L Version 1.09 and Version 1.00.0409.2013, and DNS-340L Version 1.08.

    This vulnerability poses a significant risk, as Netsecfish has discovered over 92,000 vulnerable D-Link NAS devices exposed online and open to attacks. This number serves as a reminder to regularly update or replace outdated devices to ensure secure digital practices.

    The Need for Proactive Protection

    Despite the severity of the vulnerability, D-Link has declared that these NAS devices have reached their end-of-life and are no longer supported, with no patches available. The company recommends retiring these products and replacing them with newer models that continue to receive regular firmware updates.

    D-Link has also emphasized that these legacy devices do not have automatic online updating capabilities or customer outreach features, making it crucial for users to stay vigilant and take proactive measures to keep their devices secure.

    To assist users, the company has set up a dedicated support page for legacy devices, where owners can access archived information for firmware updates and security bulletins. However, for those who continue to use outdated hardware, it is essential to regularly check and apply the latest updates, even if they do not address newly discovered vulnerabilities like CVE-2024-3273.

    Additionally, it is recommended to never expose NAS devices to the internet as they are a prime target for cybercriminals to steal data or initiate ransomware attacks. Keeping your digital world secure requires staying informed and taking necessary precautions to ensure protection. Stay proactive to prevent becoming a victim of cyber threats.

    Latest articles

    Related articles

    Leave a reply

    Please enter your comment!
    Please enter your name here