
Actively Exploited Security Flaws Impact 92,000 D-Link NAS Devices

Threat actors are targeting around 92,000 internet-exposed D-Link network-attached storage (NAS) devices affected by two security flaws (CVE-2024-3272 and CVE-2024-3273). These flaws are found in outdated D-Link products that have reached end-of-life status. D-Link has released a security advisory with some recommendations to mitigate the impact of the vulnerabilities.

Introduction:

The need for network-attached storage (NAS) devices is rising as the world becomes increasingly connected. NAS devices allow users to store and access data from anywhere in the world using the internet. This convenience, however, has a downside: it exposes the devices to potential security risks. Two security flaws have recently been discovered in D-Link NAS devices that have reached end-of-life status. These flaws have attracted the attention of threat actors, who are actively scanning for and exploiting them.

The Vulnerabilities:

The two vulnerabilities, CVE-2024-3272 and CVE-2024-3273, have been identified in legacy D-Link products no longer supported by the manufacturer. CVE-2024-3272 has a CVSS score of 9.8, which is considered critical, while CVE-2024-3273 has a score of 7.3, which is classified as high severity. CVE-2024-3272 is a vulnerability allowing attackers to execute arbitrary code on the affected device, while CVE-2024-3273 is a cross-site scripting (XSS) vulnerability that can allow attackers to inject malicious scripts into web pages viewed by the device users.

The Impact:

The vulnerabilities can significantly impact the security of the affected devices. If exploited, they can allow attackers to access sensitive data stored on the device, execute arbitrary code, and take control of the device. This can lead to data theft, malware infections, and other types of cyberattacks.

The Mitigation:

D-Link has released a security advisory that provides some recommendations to mitigate the impact of the vulnerabilities. These include updating to the latest firmware, turning off remote management, and restricting access to the device to trusted IP addresses. Users are also advised to monitor their devices for suspicious activity and to report any potential security breaches to their IT department or security provider.

The discovery of these vulnerabilities highlights the importance of keeping devices updated with the latest security patches and firmware updates. Users should also be vigilant and cautious when accessing their devices remotely and take steps to secure them against potential cyber threats. By following the recommendations provided by D-Link and staying informed about the latest security trends, users can help protect themselves and their data from malicious actors.
