Critical RCE bug in 92,000 D-Link NAS devices (CVE-2024-3273)

Brandon Lee
(@brandon-lee)

Heads up if you are using an older D-Link NAS device:

Attackers are targeting 92,000 D-Link NAS devices that are old and unpatched. These devices have a serious security flaw, CVE-2024-3273, caused by a hardcoded account and a command injection issue. Criminals are using this flaw to spread Mirai malware for DDoS attacks.

The attacks began after a security researcher revealed the flaw, which D-Link won't fix because the devices are no longer supported. Affected models include DNS-340L, DNS-320L, DNS-327L, and DNS-325. The flaw lets attackers run commands, access data, change settings, or disrupt services.

D-Link advised replacing these old devices. They also released a security notice and a support page but warned that updates won't fully protect the devices. They highlighted the risk of exposing NAS devices online, especially to ransomware attacks. Other D-Link devices, also outdated, have been targeted by Mirai-based attacks.

https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-92-000-d-link-nas-devices-now-exploited-in-attacks/

 
Posted : 08/04/2024 10:52 pm