Level 54
Content Creator
Malware Hunter
D-Link DNS-320 ShareCenter network-attached storage (NAS) devices are affected by a critical vulnerability that can be exploited remotely to take complete control of a device and access the files stored on it.
Researchers at Vietnam-based CyStack Security discovered the vulnerability and reported it to D-Link in mid-August. An advisory was released by the vendor roughly one month later, but it turned out that the security hole was actually fixed by mistake in April, when D-Link released version 2.06b01 of the firmware to address a weakness exploited by the Cr1ptT0r ransomware to infect D-Link NAS devices.
CyStack has published a technical blog post describing the vulnerability and how it was discovered by its researchers.