
Unaddressed Security Risk Looming Over Tens of Thousands of D-Link NAS Devices

The renowned technology firm, D-Link, has come under fire for opting not to resolve a serious security vulnerability in numerous older models of its network-attached storage (NAS) devices. This decision leaves over 60,000 of its products exposed to potential unauthenticated command injection attacks. The discovery of the critical flaw, identified as CVE-2024-10914, was credited to security researcher Netsecfish. The vulnerability can be exploited through an HTTP GET request, sent to the account_mgr.cgi script, one of the integral elements of the NAS system's functionality.

Specific D-Link Models Identified as Vulnerable

A range of older D-Link NAS models have been called out as vulnerable due to this issue, namely DNS-320 Version 1.00, DNS-320LW Version 1.01.0914.2012, DNS-325 Version 1.01 and Version 1.02, and DNS-340L Version 1.08. Risk managers at D-Link have decided these models have outlived their life cycle, choosing not to dispatch any security updates or patches to the enumerated devices. Citing the end-of-life/end-of-service (EOL/EOS) status of these models, D-Link has recommended customers retire and replace their older NAS devices with newer models.

Current Threat Assessment and Advisories

Netsecfish carried out an in-depth vulnerability analysis of the affected D-Link devices, with the findings suggesting over 61,000 threats detected across 41,097 unique IP addresses. Despite the National Vulnerability Database assessing the complexity of the attack as high, making exploiting the vulnerability rather challenging, the risk level cannot be dismissed. Individuals with the necessary skills and knowledge could feasibly target any publicly accessible D-Link NAS device.

If you are an end-user of the affected models, it is imperative to either replace your current system with a newer version promptly or adopt protective measures. According to Netsecfish, your NAS settings menu or interface should be accessible only to verified IP addresses. It's also advised to disconnect your NAS device from the public network, guaranteeing authorized access only.
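To check whether the trusted-IP restriction described above is actually holding, the following sketch reviews web access logs for requests to account_mgr.cgi. It is an added example, not code from the article, Netsecfish or D-Link; the log format (common log format from a reverse proxy or gateway in front of the NAS), the trusted network, the `/cgi-bin/` path, the parameter name `p` and the sample lines are all constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: only this management network may reach the NAS admin interface.
TRUSTED_NETS = [ipaddress.ip_network("192.168.10.0/24")]
# Characters a shell treats specially; not expected in account-management values.
SHELL_META = set(";|&`$<>()'\"\\\n")
# Common log format: client address, identity, user, [timestamp], "METHOD target ..."
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3}')

def is_trusted(client, nets):
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:          # hostname or garbage in the client field
        return False
    return any(ip in net for net in nets)

def review(lines, trusted=TRUSTED_NETS):
    """Return [(client, [reasons])] for account_mgr.cgi requests needing attention."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/account_mgr.cgi"):
            continue
        reasons = []
        if not is_trusted(client, trusted):
            reasons.append("untrusted-source")
        # parse_qsl percent-decodes values, so encoded metacharacters are seen too.
        values = [v for _, v in parse_qsl(url.query, keep_blank_values=True)]
        if any(ch in SHELL_META for v in values for ch in v):
            reasons.append("shell-metacharacters")
        if reasons:
            findings.append((client, reasons))
    return findings

# Constructed sample log lines (documentation address ranges, made-up parameter).
SAMPLE = [
    '192.168.10.5 - - [12/Nov/2024:10:00:01 +0000] "GET /cgi-bin/account_mgr.cgi?p=list HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Nov/2024:10:02:14 +0000] "GET /cgi-bin/account_mgr.cgi?p=a%3Bb HTTP/1.1" 200 0',
    '198.51.100.23 - - [12/Nov/2024:10:03:40 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '192.168.10.9 - - [12/Nov/2024:10:05:02 +0000] "GET /cgi-bin/account_mgr.cgi?p=x%7Cy HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for client, reasons in review(SAMPLE):
        print(client, ", ".join(reasons))
```

Any "untrusted-source" finding means the access restriction is not in effect for that path, regardless of what the request contained.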

Alternative options include sourcing third-party firmware compatible with your D-Link model, but verify the integrity of the source to avoid further security breaches.

