Aged D-Link NAS Devices Are Being Exploited by Hackers
D-Link Tells Owners to Buy a Newer ModelNetwork-attached storage manufacturer D-Link says owners of devices vulnerable to remote takeover exploits should suck it up and buy a replacement.
See Also: Simplified Disaster Recovery with Pure Protect //DRaaS
Internet scans have tallied the number of affected NAS devices - a handful of servers released on average a decade ago - at more than 92,000.
Security researchers late last month disclosed two vulnerabilities affecting DNS-340L, DNS-320L, DNS-327L, and DNS-325 devices.
The vulnerability lies within the nas_sharing.cgi
URL, which hackers could exploit two ways: by using hard-coded credentials to insert a backdoor or by command injection.
Tracked as CVE-2024-3272 and CVE-2024-3273, the flaws allow hackers access to sensitive data, allow them to change system configurations, or cause denial of service.
The Taiwanese manufacturer D-Link's response last Thursday was to tell owners that there won't be a patch and that the devices should "be retired and replaced." The devices reached their official end of service life four or more years ago - one of them in 2017.
The Shadowserver Foundation on Monday said that it's seeing scans and exploits originating from multiple internet addresses for CVE-2024-3273.
"Exploit and PoC details are public. As there is no patch for this vulnerability, these devices should be taken offline/replaced or at least have their remote access firewalled," the foundation said.
According to GreyNoise, threat actors are using the flaws to unleash a modified version of Mirai botnet malware skid.x86.