

Ethical Hacking News

Critical Vulnerability in End-of-Life D-Link NAS Devices Exposed: A Growing Security Threat


End-of-life D-Link NAS devices are being targeted by attackers due to a newly discovered critical vulnerability. Users of affected devices must take immediate action to secure their systems and protect against exploitation.

  • D-Link NAS devices have a critical bug (CVE-2024-10914) that allows unauthenticated attackers to inject arbitrary shell commands.
  • Affected models include DNS-320, DNS-320LW, DNS-325, and DNS-340L.
  • These devices are no longer supported by D-Link and will not receive security patches or updates.
  • Over 41,000 unique IP addresses have been identified as belonging to vulnerable devices.
  • D-Link recommends retiring and replacing affected devices with newer products.


  • Critical bug in EoL D-Link NAS devices now exploited in attacks

    A recent discovery has exposed a critical vulnerability in end-of-life (EoL) D-Link network-attached storage (NAS) devices, which have been targeted by attackers in recent days. The vulnerability, tracked as CVE-2024-10914, was identified by security researcher Netsecfish and found to be a command injection vulnerability that allows unauthenticated attackers to inject arbitrary shell commands into vulnerable NAS devices.

    The affected D-Link NAS models include the DNS-320 Version 1.00, DNS-320LW Version 1.01.0914.2012, DNS-325 Version 1.01, and DNS-340L Version 1.08. These devices are no longer supported by D-Link due to reaching their end-of-life status, and the company has explicitly stated that they will not provide any security patches or updates for these models.

    Since the vulnerability was made public, threat actors have begun targeting the affected NAS devices, exploiting the command injection flaw through crafted HTTP GET requests. This allows attackers to gain unauthorized access to the device, potentially leading to further exploitation and compromise.

    According to Netsecfish, over 41,000 unique IP addresses have been identified as belonging to vulnerable D-Link NAS devices, which were discovered during an internet scan using Huashun Xin'an's FOFA platform. Shadowserver, a threat monitoring service, also reported spotting exploitation attempts against the vulnerable devices starting on November 12th.

    It is worth noting that the affected D-Link NAS devices do not have automatic updating capabilities or customer outreach features to push alerts, which makes it even more critical for users of these devices to take proactive measures to secure their systems. As a result, D-Link strongly recommends retiring and replacing these affected devices with newer products.

    The discovery of this vulnerability highlights the ongoing importance of staying vigilant in the face of ever-evolving security threats. As technology advances, new vulnerabilities are constantly being discovered, and it is essential for individuals and organizations to stay informed about potential risks and take steps to mitigate them.

    In light of this critical vulnerability, it is crucial that users of affected D-Link NAS devices take immediate action to secure their systems. This includes cutting off access from the internet as soon as possible, ensuring that the device is running the latest firmware that was released for it, and taking other necessary precautions to prevent exploitation.
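    The attack path described above (command injection through HTTP GET requests against an internet-exposed NAS) and the first mitigation here (keeping the device off the internet) can both be checked from the NAS's own web-server access log. The following is an added example, not code from the article or from D-Link; it assumes a combined-format access log, a LAN range of 192.168.1.0/24, and uses PLACEHOLDER.cgi in the constructed sample lines because the article does not name the vulnerable endpoint.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit, unquote_plus

# Assumption: the NAS web UI should only ever be reached from this LAN range.
LAN = ip_network("192.168.1.0/24")

# Shell metacharacters/operators that never belong in a NAS web-form value;
# their presence in a GET query is a command-injection indicator.
SHELL_METACHARS = re.compile(r"[;|`]|\$\(|&&")

# Combined-format access log: client IP, request line, status code.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def analyse_line(line: str):
    """Classify one access-log line; returns a finding dict or None if benign."""
    m = LOG_LINE.match(line)
    if not m or m.group("method") != "GET":
        return None
    parts = urlsplit(m.group("target"))
    decoded = unquote_plus(parts.query)          # metacharacters arrive URL-encoded
    injection = bool(SHELL_METACHARS.search(decoded))
    external = ip_address(m.group("ip")) not in LAN
    if injection and external:
        severity = "critical"      # exploitation attempt from outside the LAN
    elif injection:
        severity = "high"          # injection attempt from inside the LAN
    elif external:
        severity = "medium"        # UI reachable beyond the LAN: isolate the device
    else:
        return None
    return {"ip": m.group("ip"), "path": parts.path, "query": decoded,
            "severity": severity}

def scan(lines):
    """Run analyse_line over an iterable of log lines and keep the findings."""
    return [f for f in map(analyse_line, lines) if f is not None]

# Constructed sample lines; PLACEHOLDER.cgi stands in for the real endpoint,
# which this article does not name.
SAMPLE_LOG = [
    '192.168.1.20 - - [12/Nov/2024:10:01:02 +0000] "GET /cgi-bin/PLACEHOLDER.cgi?user=alice HTTP/1.1" 200 512',
    '203.0.113.77 - - [12/Nov/2024:10:05:09 +0000] "GET /cgi-bin/PLACEHOLDER.cgi?user=a%3Bid HTTP/1.1" 200 0',
    '198.51.100.9 - - [12/Nov/2024:10:06:00 +0000] "GET /web/login.html HTTP/1.1" 200 2048',
    '192.168.1.21 - - [12/Nov/2024:10:07:00 +0000] "GET /cgi-bin/PLACEHOLDER.cgi?user=bob%26%26id HTTP/1.1" 200 0',
]
```

    Running scan(SAMPLE_LOG) yields three findings: the external injection attempt as critical, the LAN-side one as high, and the plain external login-page hit as medium, which on its own shows the management UI is reachable from outside the LAN.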

    Furthermore, the incident serves as a reminder of the importance of responsible disclosure practices in the cybersecurity community. By responsibly disclosing vulnerabilities and providing users with timely information about potential threats, security researchers and experts can help mitigate risks and promote overall system security.

    In conclusion, the recent discovery of the critical vulnerability in end-of-life D-Link NAS devices highlights the ongoing need for vigilance and proactive measures to secure our systems against emerging threats. As we move forward in this ever-evolving landscape, it is essential that individuals and organizations remain informed about potential risks and take steps to mitigate them.



    Related Information:

  • https://www.bleepingcomputer.com/news/security/critical-bug-in-eol-d-link-nas-devices-now-exploited-in-attacks/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-10914

  • https://www.cvedetails.com/cve/CVE-2024-10914/


  • Published: Wed Nov 13 14:27:48 2024 by llama3.2 3B Q4_K_M
