Backdoor Affecting Over 92.000 Exposed D-Link NAS Devices Discovered recently. There is no fix patch.
A researcher has discovered a vulnerability in the internal code of several models of D-Link Network Attached Storage (NAS) devices. The researcher nicknamed "Netsecfish" explains that the issue is in the script"/cgi-bin/nas_sharing.cgi
", affecting the "HTTP GET Request Handler" component.
The two main issues that contribute to this vulnerability are tracked as per the code CVE-2024-3273 and is a backdoor that through an account that exists in the source code (username: "messagebus" with an empty password) someone can enter commands.
According to the researcher: "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the system, potentially leading to unauthorized access to sensitive information, modifying system configurations or denial of service conditions".
The device models affected by CVE-2024-3273 are:
- DNS-320L Version 1.11, Version 1.03.0904.2013, Version 1.01.0702.2013
- DNS-325 Version 1.01
- DNS-327L Version 1.09, Version 1.00.0409.2013
- DNS-340L Version 1.08
Netsecfish says network scans show over 92.000 vulnerable D-Link NAS devices connected to the internet are vulnerable to attacks through these flaws. The specific machines are also available in Greece.
The researcher contacted D-Link about the flaw and when asking when a patch would be released, the company said that these NAS devices had reached end of life (EOL) and were no longer supported.
So D-Link recommends the withdrawal of these products and replacing them with products receiving firmware updates.
D-Link has created a dedicated support page for legacy devices, where owners can browse the archives to find the latest security and firmware updates.
Those who insist on using obsolete material they should at least apply the latest available updates, even if they do not address newly discovered issues such as CVE-2024-3273.
In addition, NAS devices should never be exposed to the internet, as they are often a target for data theft or encryption by ransomware attacks.