An active exploitation of critical vulnerabilities in D-Link Network Attached Storage (NAS) devices has raised concerns for D-Link users exposing 92,000 devices. Identified as CVE-2024-3272 and CVE-2024-3273, these D-Link NAS vulnerabilities were reported on GitHub on March 26, 2024, and later confirmed by D-Link on April 4, 2024.
A user named “netsecfish” disclosed these D-Link vulnerabilities and it targets the nas_sharing.cgi CGI script, posing severe risks to affected devices. CVE-2024-3272 exposes hard-coded credentials, while CVE-2024-3273 enables remote attackers to execute arbitrary commands via command injection.
This combination allows unauthorized access, data breaches, system configuration alterations, and potential denial-of-service attacks.
Decoding the D-Link NAS Vulnerabilities and Its Impact
Cyble Global Sensor Intelligence (CGSI) has detected ongoing exploitation attempts of these vulnerabilities since April 9, indicating the weaponization of publicly available exploits by threat actors (TAs). Notably, the majority of these attacks originate from China, highlighting the geographical impact of the issue.
Furthermore, on April 8, 2024, Cyble Researcher & Intelligence Labs (CRIL) observed a post on a prominent Russian cybercrime forum where a threat actor shared an exploit targeting D-Link NAS instances affected by CVE-2024-3273.
The shared exploit demonstrated access to the root account, highlighting the severity of the vulnerabilities.
Affected products include D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L up to April 3, 2024. Moreover, Cyble researchers found 94,446 internet-exposed D-Link NAS devices, with concentrations in the United Kingdom, Thailand, Italy, Germany, and Hungary.
D-Link NAS Vulnerabilities and Mitigation Strategies
The exploitation of D-Link NAS devices poses a grave risk to organizations’ security postures. As many affected devices have reached their End-of-Life (EOL) or End-of-Service (EOS) status, they lack firmware updates and adequate support, making them vulnerable to exploitation. Moreover, interconnectedness within networks amplifies the potential impact, exposing enterprises to risks.
The mitigation strategies for organizations facing critical D-Link NAS vulnerabilities include taking several key actions to mitigate risks and enhance their cybersecurity posture. Firstly, they should prioritize upgrading to supported versions or replacing End-of-Life (EOL) or End-of-Service (EOS) products with newer alternatives that receive regular security updates.
Secondly, isolating EOL/EOS products into separate network segments can minimize exposure to threats and limit potential network impact. Additionally, deploying firewalls, intrusion detection systems (IDS), and network monitoring solutions can bolster overall security. Regular security assessments and vulnerability scans are essential for identifying and addressing weaknesses promptly.
Developing and implementing risk mitigation plans, including contingency measures and business continuity strategies, is crucial. Maintaining communication with vendors for extended support options and collaborating with the cybersecurity community can further address concerns effectively. Lastly, educating users and administrators about the risks associated with unsupported software and promoting adherence to security best practices is essential for safeguarding organizational assets.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
