The Information Highway

D-Link NAS vulnerabilities

Threat update

Two vulnerabilities were found in legacy D-Link products that have reached end-of-life (EoL) status. The vulnerabilities allow command injection and expose a backdoor account on these devices. This Cybersecurity Threat Advisory discusses the impact of the threat, as well as recommendations to mitigate the risks these vulnerabilities may cause.

Technical Detail and Additional Info

What is the threat?

The identified critical vulnerabilities, CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273, affect D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L models up to 20240403. They pertain to an undisclosed function within the file /cgi-bin/nas_sharing.cgi of the HTTP GET Request Handler component. Exploitation involves manipulation of the system argument, resulting in command injection. Remote exploitation is possible, and the exploit has been publicly disclosed (VDB-259284).

The vulnerability in the nas_sharing.cgi script entails:

  • Backdoor via username and password exposure: The request includes parameters for a username (user=messagebus) and an empty password field (passwd=), indicating a backdoor that allows unauthorized access without proper authentication.
  • Command injection through the system parameter: The request's system parameter carries a base64-encoded value which, upon decoding, reveals a command.
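
A defensive check built from the two indicators listed above, as an added example (not code from D-Link or from this advisory's author): it scans web access logs for requests to nas_sharing.cgi that use the messagebus account with an empty password or carry a system parameter, and decodes the base64 value for analyst review. The combined log format (for example from a proxy or firewall in front of the NAS), the function names, and the sample lines are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/cgi-bin/nas_sharing.cgi"   # script named in the advisory
BACKDOOR_USER = "messagebus"               # account named in the advisory
# Assumption: combined-log-format lines, client address first, request quoted.
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode_system(value):
    """Best-effort base64 decode so an analyst can read what was sent."""
    value = value.replace(" ", "+")        # parse_qs turns '+' into a space
    try:
        raw = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
    except ValueError:                     # binascii.Error is a ValueError
        return None
    return raw.decode("utf-8", "replace")

def inspect_line(line):
    """Return a finding dict for a suspicious request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if url.path != TARGET_PATH:
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    # Backdoor indicator: the messagebus user with an empty or absent password.
    backdoor = (BACKDOOR_USER in params.get("user", [])
                and not any(params.get("passwd", [])))
    system = params.get("system", [])      # injection indicator
    if not backdoor and not system:
        return None
    return {"client": client, "backdoor_login": backdoor,
            "system_decoded": [decode_system(v) for v in system]}

def scan(lines):
    """Return the findings for every suspicious line in an iterable of log lines."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample input (documentation IP ranges, placeholder payload).
_B64 = base64.b64encode(b"constructed-sample").decode()
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Apr/2024:10:00:05 +0000] "GET /cgi-bin/nas_sharing.cgi'
    f'?user=messagebus&passwd=&system={_B64} HTTP/1.1" 200 64',
    '203.0.113.5 - - [10/Apr/2024:10:00:09 +0000] "GET /cgi-bin/nas_sharing.cgi'
    '?user=admin&passwd=x HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit with a 200 response from one of the affected models should be treated as a likely compromise of that device, not only as a probe.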

Why is it noteworthy?

Successful exploitation of these flaws could lead to arbitrary command execution on affected D-Link NAS devices, granting threat actors access to sensitive information, enabling alterations to system configurations, or triggering denial-of-service (DoS) conditions. 

What is the exposure or risk?

The vulnerabilities affect the following models:

  • DNS-320L: Versions 1.11, 1.03.0904.2013, 1.01.0702.2013
  • DNS-325: Version 1.01
  • DNS-327L: Versions 1.09, 1.00.0409.2013
  • DNS-340L: Version 1.08

What are the recommendations?

LBT Technology Group, LLC. suggests the following measures to ensure the security of your environment in light of this vulnerability:

  • Remove the affected versions from your environment and replace them with supported D-Link versions to receive firmware updates.
  • If replacing the affected product is not possible, it is recommended to apply the latest available updates, even if they may not address newly discovered issues.
  • Visit D-Link's dedicated support page for legacy devices to navigate archives for the latest security and firmware updates.

Saturday, 23 November 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023