silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
D-Link DNS-320 ShareCenter network-attached storage (NAS) devices are affected by a critical vulnerability that can be exploited remotely to take complete control of a device and access the files stored on it.
Researchers at Vietnam-based CyStack Security discovered the vulnerability and reported it to D-Link in mid-August. An advisory was released by the vendor roughly one month later, but it turned out that the security hole was actually fixed by mistake in April, when D-Link released version 2.06b01 of the firmware to address a weakness exploited by the Cr1ptT0r ransomware to infect D-Link NAS devices.
CyStack has published a technical blog post describing the vulnerability and how it was discovered by its researchers.
Flaw Gives Hackers Remote Access to Files Stored on D-Link DNS-320 Devices
A critical vulnerability affecting D-Link DNS-320 NAS devices can be exploited remotely from the internet to take complete control of the system and the files stored on it.
www.securityweek.com