A backdoor affecting over 92,000 internet-exposed D-Link NAS devices has recently been discovered. There is no patch.
A researcher has discovered a vulnerability in the firmware of several models of Network Attached Storage (NAS) devices from D-Link. The researcher, who goes by the nickname "Netsecfish", explains that the issue is in the script "/cgi-bin/nas_sharing.cgi", affecting the "HTTP GET Request Handler" element.
The two issues that together make up this vulnerability are tracked as CVE-2024-3273: it is a backdoor in which an account present in the source code (username "messagebus" with an empty password) allows someone to enter commands on the device.
According to the researcher: "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the system, potentially leading to unauthorized access to sensitive information, modification of system configurations, or denial of service conditions."
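For a defender watching a NAS that cannot be patched, the practical question is whether anyone is reaching the vulnerable CGI script at all. The following is an added example, not code from the article or from D-Link: a small Python scanner that reads web-server access-log lines in Common Log Format and flags requests to "/cgi-bin/nas_sharing.cgi", escalating when the hardcoded "messagebus" account name appears in the query string. The sample log lines are constructed, and the parameter names in them are made up, since the article does not give them; the scanner therefore checks every query-string value rather than a specific parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Values taken from the article: the affected CGI script and the backdoor account name.
VULN_SCRIPT = "/cgi-bin/nas_sharing.cgi"
BACKDOOR_USER = "messagebus"

# Common Log Format: host ident user [time] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def classify(line):
    """Return (severity, reason) for one access-log line, or None if it is benign.

    'high'   : a request to the vulnerable script whose query string carries the
               backdoor account name (any parameter, since the name is not known here)
    'medium' : any other request to the vulnerable script, worth a look on a device
               that should not be reachable from outside the LAN at all
    """
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line; a real deployment would count these separately
    parts = urlsplit(m.group("target"))
    if parts.path != VULN_SCRIPT:
        return None
    params = parse_qsl(parts.query, keep_blank_values=True)
    if any(value == BACKDOOR_USER for _, value in params):
        return ("high", f"{m.group('src')} hit {VULN_SCRIPT} using account '{BACKDOOR_USER}'")
    return ("medium", f"{m.group('src')} hit {VULN_SCRIPT}")


def scan(lines):
    """Run classify() over an iterable of log lines; return (line_no, severity, reason) hits."""
    return [(n, *hit) for n, line in enumerate(lines, 1) if (hit := classify(line))]


# Constructed sample log lines (RFC 5737 documentation addresses; parameter names invented).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Apr/2024:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Apr/2024:10:12:05 +0000] '
    '"GET /cgi-bin/nas_sharing.cgi?account=messagebus&password= HTTP/1.1" 200 88',
    '203.0.113.44 - - [05/Apr/2024:10:13:20 +0000] '
    '"GET /cgi-bin/nas_sharing.cgi?account=admin HTTP/1.1" 401 0',
    'this line is not in Common Log Format',
]

if __name__ == "__main__":
    for line_no, severity, reason in scan(SAMPLE_LOG):
        print(f"line {line_no}: [{severity}] {reason}")
```

Any "high" hit from a non-LAN source address is a sign the device is exposed exactly as the article warns against; on a device that has reached end of life the only durable response is to take it off the internet, since no firmware fix is coming.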
The device models affected by CVE-2024-3273 are:
- DNS-320L Version 1.11, Version 1.03.0904.2013, Version 1.01.0702.2013
- DNS-325 Version 1.01
- DNS-327L Version 1.09, Version 1.00.0409.2013
- DNS-340L Version 1.08
Netsecfish says network scans show over 92,000 internet-connected D-Link NAS devices are susceptible to attacks through these flaws. These devices are also sold in Greece.
The researcher contacted D-Link about the flaw; when asked when a patch would be released, the company replied that these NAS devices had reached end of life (EOL) and were no longer supported.
D-Link therefore recommends retiring these products and replacing them with products that still receive firmware updates.
D-Link has created a dedicated support page for legacy devices, where owners can browse the archives to find the latest security and firmware updates.
Those who insist on using outdated hardware should at least apply the latest available updates, even if they don't address newly discovered issues like CVE-2024-3273.
In addition, NAS devices should never be exposed to the internet, as they are often a target for data theft or encryption by ransomware attacks.