D-Link NAS: Over 92,000 Devices Vulnerable Unpatched Backdoor, here is what to know.
D-Link NAS: A recent revelation has sent shockwaves through the tech world. Over 92,000 D-Link Network Attached Storage (NAS) devices have been found to possess a backdoor account. This discovery was made by a threat researcher who identified an arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link NAS device models.
The Vulnerability in D-Link NAS devices.
The vulnerability, tracked as CVE-2024-3273, is twofold. Firstly, it involves a backdoor facilitated through a hardcoded account with the username “messagebus” and an empty password. Secondly, there’s a command injection problem via the “system” parameter. When these two issues are chained together, any attacker can remotely execute commands on the device.
The Impact
Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, modification of system configurations, or even denial of service conditions. The device models impacted by CVE-2024-3273 include DNS-320L, DNS-325, DNS-327L, and DNS-340L.
Patching Status of D-Link NAS devices.
Unfortunately, these NAS devices have reached the end of life (EOL) and are no longer supported. D-Link has stated that all resources associated with these products have ceased their development. As such, no patches are available for these vulnerabilities.
Mitigation Measures
Despite the lack of patches, there are still steps that users can take to mitigate the risks. D-Link recommends retiring these products and replacing them with products that receive firmware updates. Additionally, users who insist on using outdated hardware should apply the latest available updates. Even though these won’t address newly discovered problems like CVE-2024-3273, they can still provide some level of protection.
Conclusion
In conclusion, the discovery of the backdoor account in over 92,000 D-Link NAS devices serves as a stark reminder of the importance of regular device updates and the risks associated with using end-of-life products. Users are urged to take immediate action to mitigate the risks associated with this vulnerability.
You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.
Share this content:
Post Comment