Security News D-Link won’t fix critical flaw affecting 60,000 (EoL) older NAS devices

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,238
Content source
https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-flaw-affecting-60-000-older-nas-devices/
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit.

The flaw, tracked as CVE-2024-10914, has a critical 9.2 severity score and is present in the ‘cgi_user_add’ command where the name parameter is insufficiently sanitized.

An unauthenticated attacker could exploit it to inject arbitrary shell commands by sending specially crafted HTTP GET requests to the devices.

The flaw impacts multiple models of D-Link network-attached storage (NAS) devices that are commonly used by small businesses:
  • DNS-320 Version 1.00
  • DNS-320LW Version 1.01.0914.2012
  • DNS-325 Version 1.01, Version 1.02
  • DNS-340L Version 1.08
Click to expand...
In a security bulletin today, D-Link has confirmed that a fix for CVE-2024-10914 is not coming and the vendor recommends that users retire vulnerable products.

If that is not possible at the moment, users should at least isolate them from the public internet or place them under stricter access conditions.
Click to expand...
www.bleepingcomputer.com

D-Link won’t fix critical flaw affecting 60,000 older NAS devices

More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit.
www.bleepingcomputer.com www.bleepingcomputer.com
 

Similar threads

Gandalf_The_Grey
    • Like
    • Sad
    • +Reputation
Security News Disconnect Your D-Link NAS From the Internet Right Now
Replies
0
Views
1,341
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
Security News QNAP fixes NAS backup software zero-day exploited at Pwn2Own
Replies
1
Views
848
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
Security News D-Link says it is not fixing four RCE flaws in DIR-846W routers
Replies
0
Views
1,778
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top