  • Uncrowned Guard

    D-Link NAS Devices Face Security Risk, Thousands Exposed

      TL;DR: Over 60,000 D-Link NAS devices are vulnerable to unauthenticated command injection attacks due to an unresolved security flaw (CVE-2024-10914) discovered by Netsecfish. Affected models, including DNS-320, DNS-320LW, DNS-325, and DNS-340L, are deemed obsolete by D-Link, which offers no security updates for them. Despite a high attack complexity, the risk remains significant if devices are accessible online. Users should replace or isolate these devices, apply network restrictions, or consider third-party firmware cautiously. Upgrading to newer NAS models is recommended for enhanced security.

    Unaddressed Security Risk Looming Over Tens of Thousands of D-Link NAS Devices

    The renowned technology firm, D-Link, has come under fire for opting not to resolve a serious security vulnerability in numerous older models of its network-attached storage (NAS) devices. This decision leaves over 60,000 of its products exposed to potential unauthenticated command injection attacks. The discovery of the critical flaw, identified as CVE-2024-10914, was credited to security researcher Netsecfish. The vulnerability can be exploited through an HTTP GET request, sent to the account_mgr.cgi script, one of the integral elements of the NAS system's functionality.

    Specific D-Link Models Identified as Vulnerable

    A range of older D-Link NAS models have been called out as vulnerable due to this issue, namely DNS-320 Version 1.00, DNS-320LW Version 1.01.0914.2012, DNS-325 Version 1.01 and Version 1.02, and DNS-340L Version 1.08. Risk managers at D-Link have decided these models have outlived their life cycle, choosing not to dispatch any security updates or patches to the enumerated devices. Citing the end-of-life/end-of-service (EOL/EOS) status of these models, D-Link has recommended customers retire and replace their older NAS devices with newer models.

    Current Threat Assessment and Advisories

    Netsecfish carried out an in-depth vulnerability analysis of the affected D-Link devices, with the findings suggesting over 61,000 threats detected across 41,097 unique IP addresses. Although the National Vulnerability Database rates the complexity of the attack as high, which makes exploiting the vulnerability rather challenging, the risk cannot be dismissed. Individuals with the necessary skills and knowledge could feasibly target any publicly accessible D-Link NAS device.

    If you are an end-user of the affected models, it is imperative to either replace your current system with a newer version promptly or adopt protective measures. According to Netsecfish, your NAS settings menu or interface should be accessible only to verified IP addresses. It's also advised to disconnect your NAS device from the public network, guaranteeing authorized access only.

    Alternative options include sourcing third-party firmware compatible with your D-Link model, but verify the integrity of the source to avoid further security breaches.
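
To check whether the "verified IP addresses only" restriction is actually holding, the following added example (not from Netsecfish or D-Link) audits reverse-proxy or firewall access logs for GET requests to account_mgr.cgi. The allowlisted network, the log format (common/combined), the URL directory, and the query parameter name in the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: the only network permitted to reach the NAS web interface.
ALLOWED_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# Common/combined log format: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Shell metacharacters that should never appear in a decoded parameter value.
SHELL_META = re.compile(r"[;|&`$<>'\n]")

def audit(lines):
    """Return (ip, status, reasons) for each suspicious account_mgr.cgi GET."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # malformed line or not the request type of interest
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/account_mgr.cgi"):
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is not an IP (e.g. a hostname)
        reasons = []
        if not any(src in net for net in ALLOWED_NETS):
            reasons.append("source-not-allowlisted")
        # parse_qsl percent-decodes values, so encoded metacharacters are seen.
        values = [v for _, v in parse_qsl(url.query, keep_blank_values=True)]
        if any(SHELL_META.search(v) for v in values):
            reasons.append("shell-metacharacters")
        if reasons:
            findings.append((m["ip"], m["status"], reasons))
    return findings

# Constructed sample log lines (documentation IP ranges, placeholder parameter).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2024:10:01:02 +0000] "GET /cgi-bin/account_mgr.cgi?field=a%3Bexample HTTP/1.1" 200 512',
    '192.168.10.5 - - [12/Nov/2024:10:02:00 +0000] "GET /cgi-bin/account_mgr.cgi?field=alice HTTP/1.1" 200 300',
    '198.51.100.9 - - [12/Nov/2024:10:03:00 +0000] "GET /cgi-bin/account_mgr.cgi?field=bob HTTP/1.1" 403 0',
    '192.168.10.5 - - [12/Nov/2024:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 100',
    'not a log line',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 from a non-allowlisted source means the request reached the device, so the network restriction is not in effect for that path.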


    Image Credit: D-Link

    Todd "Uncrowned Guard" Badman is an avid tech enthusiast with a deep passion for consumer technology, especially home servers and self-hosted solutions. With extensive experience in setting up and managing personal tech environments, Todd is dedicated to empowering users to take control of their digital lives. He strives to provide clear, unbiased information to help others navigate the ever-evolving world of technology with confidence and ease.
