D-Link Critical Vulnerability - 20240410001¶
Overview¶
The described vulnerability affects multiple D-Link NAS devices, including models DNS-340L, DNS-320L, DNS-327L, and DNS-325, among others. The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hardcoded credentials, and a command injection vulnerability via the system parameter.
This exploitation could lead to arbitrary command execution on the affected D-Link NAS devices, granting attackers potential access to sensitive information, system configuration alteration, or denial of service, by specifying a command,affecting over 92,000 devices on the Internet.
What is vulnerable?¶
| CVE | Severity | CVSS | Product(s) Affected | Exploited | Dated |
|---|---|---|---|---|---|
| CVE-2024-3273 | High | 7.3 | DNS-320L, DNS-325, DNS-327L and DNS-340L upto 20240403 | Yes | 11/04/2024 |
| CVE-2024-3272 | Critical | 9.8 | DNS-320L, DNS-325, DNS-327L and DNS-340L upto 20240403 | Yes | 11/04/2024 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices (refer Patch Management):