92,000 D-Link devices on the verge of being compromised

A critical vulnerability opens up new avenues for data theft.

An independent cybersecurity researcher under the pseudonym "Netsecfish" discovered a serious vulnerability in several D-Link network storage models that are no longer supported by the manufacturer. The problem lies in the script "/cgi-bin/nas_sharing.cgi", specifically in its HTTP GET request handler.

The vulnerability, designated CVE-2024-3273, combines a hard-coded account in the software (the username "messagebus" without a password) with the ability to inject commands through the "system" parameter. This allows attackers to remotely execute commands on the device.

An example of a PoC exploit published by the researcher clearly shows how adding a base64-encoded command to the "system" parameter causes it to be executed on the device.

The researcher warns that successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, modification of system settings, or conditions for a denial-of-service attack.

The device models affected by CVE-2024-3273 are as follows:
  • DNS-320L software versions 1.11, 1.03.0904.2013, 1.01.0702.2013;
  • DNS-325 software version 1.01;
  • DNS-327L software versions 1.09, 1.00.0409.2013;
  • DNS-340L software version 1.08.

According to Netsecfish, more than 92,000 vulnerable D-Link devices have been detected online and are at risk of attack through this vulnerability.

D-Link reported that the devices have reached the end of their life cycle and are no longer supported. The manufacturer recommends replacing outdated devices with those models that will still receive firmware updates.

D-Link also published a security bulletin on its official website to raise customer awareness of the vulnerability. On the dedicated support page for legacy devices, users can find the latest security updates and firmware available for hardware models that the manufacturer has officially discontinued.

The company also emphasizes that NAS drives should never be accessible from the Internet, as they are often targeted for data theft or ransomware attacks.
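Owners who cannot replace an affected device right away can check web or reverse-proxy access logs for the request pattern described above. The following Python sketch is an added example, not code from the researcher or D-Link; it assumes common/combined log format, the sample log lines are constructed, and the parameter name "user" is an assumption (the page names only the "system" parameter and the "messagebus" account).

```python
import base64
import binascii
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

VULN_PATH = "/cgi-bin/nas_sharing.cgi"  # script named in the article
HARDCODED_USER = "messagebus"           # hard-coded account named in the article

# Source address and request target from a common/combined-format log line.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, harmless decoded value).
# The parameter name "user" is an assumption, not taken from the article.
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Apr/2024:10:01:02 +0000] "GET /cgi-bin/nas_sharing.cgi'
    '?user=messagebus&system=ZWNobyB0ZXN0 HTTP/1.1" 200 52',
    '192.0.2.10 - - [08/Apr/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '192.0.2.44 - - [08/Apr/2024:10:03:00 +0000] "GET /cgi-bin/nas_sharing.cgi HTTP/1.1" 401 0',
]

def decode_system(value):
    """Best-effort base64 decode of a 'system' value for analyst triage."""
    value = value.replace(" ", "+")    # parse_qs turns '+' into a space
    value += "=" * (-len(value) % 4)   # tolerate stripped padding
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def inspect_line(line):
    """Return a finding dict for a suspicious request, or None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if posixpath.normpath(unquote(url.path)) != VULN_PATH:
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    # Flag the hard-coded account in any parameter, or any use of "system".
    account = any(HARDCODED_USER in vals for vals in params.values())
    if "system" not in params and not account:
        return None
    raw = params.get("system", [""])[0]
    return {"src": m.group("src"), "hardcoded_account": account,
            "system_decoded": decode_system(raw) if raw else None}

def scan(lines):
    """Return findings for every suspicious line in an iterable of log lines."""
    return [f for f in map(inspect_line, lines) if f]
```

Any finding on a device that was reachable from the Internet is a reason to treat it as potentially compromised, in line with D-Link's advice to retire these models and keep NAS drives off the public network.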
 