SAN FRANCISCO, California, Tuesday, April 16, 2024 – A recent report by cybersecurity news outlet The Hacker News (thehackernews.com) detailed critical security vulnerabilities affecting an estimated 92,000 D-Link network-attached storage (NAS) devices. 1
D-Link has not announced plans to issue patches for these vulnerabilities, instead advising users to replace their outdated NAS devices with newer models.
These vulnerabilities are actively being exploited by malicious actors.
The report identified two specific flaws, CVE-2024-3272 and CVE-2024-3273, impacting older D-Link products that are no longer supported by the company.
These vulnerabilities could grant attackers unauthorized remote access to the affected devices.
The report said that exploitation of these vulnerabilities could allow attackers to take control of affected D-Link NAS devices, potentially accessing sensitive data, altering system configurations, or even disabling the devices entirely.
The report specifies D-Link NAS models DNS-320L, DNS-325, DNS-327L, and DNS-340L as being particularly susceptible. Additionally, it suggests attackers may be leveraging these vulnerabilities to propagate the Mirai malware.
Security experts recommend that users with these affected D-Link NAS devices either disconnect them from the internet entirely or implement a firewall for added protection until a permanent solution becomes available.
- thehackernews.com: https://thehackernews.com/2024/04/critical-flaws-leave-92000-d-link-nas.html[↩]
