Critical bug in EoL D-Link NAS devices now exploited in attacks

Attackers are now targeting a critical-severity vulnerability with publicly available exploit code that affects multiple models of end-of-life D-Link network-attached storage (NAS) devices.

Tracked as CVE-2024-10914, the command injection vulnerability was discovered by security researcher Netsecfish, who also shared exploitation details and said that unauthenticated attackers can exploit it to inject arbitrary shell commands by sending malicious HTTP GET requests to vulnerable NAS devices exposed online.

The list of affected NAS models includes DNS-320 Version 1.00, DNS-320LW Version 1.01.0914.2012, DNS-325 Version 1.01 and Version 1.02, and DNS-340L Version 1.08.

The attacks started after D-Link said on Friday that it would not fix the security flaw because it only affects end-of-life NAS models, warning customers to retire affected devices or upgrade them to newer products.

“Products that have reached their EOL/EOS no longer receive device software updates and security patches and are no longer supported by D-Link. D-Link US recommends retiring and replacing D-Link devices that have reached EOL/EOS,” the company said.

However, as the Shadowserver threat monitoring service discovered, threat actors took notice and started targeting the vulnerability on Monday.

“We have observed D-Link NAS CVE-2024-10914 /cgi-bin/account_mgr.cgi command injection exploitation attempts starting Nov 12th. This vuln affects EOL/EOS devices, which should be removed from the Internet,” Shadowserver warned.
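The practical question for a defender reading that warning is whether the endpoint Shadowserver names, /cgi-bin/account_mgr.cgi, shows up in their own web-server logs with shell metacharacters in the request. The Python below is an added example for this article, not code from Netsecfish, Shadowserver or D-Link: it parses constructed combined-format access-log lines and flags requests to that path whose decoded query values carry shell metacharacters, including double-URL-encoded ones. The IP addresses, timestamps and the `action`/`user` parameter names in the sample log are made up for illustration and are not the real exploit parameters; only the CGI path comes from Shadowserver's report.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint named by Shadowserver as the target of the exploitation attempts.
TARGET_PATH = "/cgi-bin/account_mgr.cgi"

# Shell metacharacters that have no business in an account-name style value.
# Matching one of these in a decoded parameter value is a heuristic for
# command injection, not a signature for any particular payload.
SHELL_META = re.compile(r"[;|`&\n]|\$\(|\$\{")

# Apache/nginx "combined" access-log format (trailing referer/UA ignored).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines for illustration. The addresses, timestamps and the
# "action"/"user" parameter names are made up and are NOT the real exploit
# parameters; only the CGI path comes from Shadowserver's report.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Nov/2024:03:14:01 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Nov/2024:03:14:05 +0000] "GET /cgi-bin/account_mgr.cgi?action=list&user=admin HTTP/1.1" 200 77 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Nov/2024:03:14:07 +0000] "GET /cgi-bin/account_mgr.cgi?action=list&user=admin%3B%20id HTTP/1.1" 200 512 "-" "curl/8.4.0"
203.0.113.9 - - [12/Nov/2024:03:20:44 +0000] "GET /cgi-bin/account_mgr.cgi?action=list&user=admin%2524%2528id%2529 HTTP/1.1" 200 512 "-" "python-requests/2.32"
203.0.113.9 - - [12/Nov/2024:03:20:59 +0000] "GET /cgi-bin/account_mgr%2Ecgi?action=list&user=x%7Cid HTTP/1.1" 200 512 "-" "python-requests/2.32"
"""


def parse_access_line(line):
    """Split one combined-format line into its fields, or return None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    # Decode the path so /cgi-bin/account_mgr%2Ecgi compares equal to the target.
    rec["path"] = unquote(parts.path)
    # parse_qsl splits on "&" first, so an encoded %26 stays inside its value.
    rec["params"] = parse_qsl(parts.query, keep_blank_values=True)
    return rec


def suspicious_params(params):
    """Return (name, value) pairs whose decoded value carries shell metacharacters.
    Each value is also decoded a second time so that double-encoded payloads
    (%2524%2528 -> %24%28 -> "$(") are caught as well."""
    hits = []
    for name, value in params:
        for candidate in (value, unquote(value)):
            if SHELL_META.search(candidate):
                hits.append((name, candidate))
                break
    return hits


def classify(line):
    """Alert dict for a suspicious request to the account_mgr.cgi endpoint, else None.
    The HTTP method is deliberately not filtered: the public reports describe GET
    requests, and filtering on it would only let a trivial variant slip past."""
    rec = parse_access_line(line)
    if rec is None or rec["path"] != TARGET_PATH:
        return None
    hits = suspicious_params(rec["params"])
    if not hits:
        return None
    return {"ip": rec["ip"], "ts": rec["ts"], "method": rec["method"],
            "status": rec["status"], "hits": hits}


def scan_log(text):
    """Run classify() over every line and return the alerts in log order."""
    return [a for a in (classify(l) for l in text.splitlines()) if a is not None]


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['ip']} {alert['method']} -> {alert['hits']}")
```

Because the check keys on the path plus metacharacters rather than on one payload string, it also catches encoding variants, but it will fire on any legitimate value that happens to contain `;` or `|`, so treat hits as triage leads rather than confirmed compromise. A device that is still reachable from the Internet should be taken offline regardless of what the logs show, which is the advice both Shadowserver and D-Link give.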

FOFA scan for exposed D-Link NAS devices (Netsecfish)

While Shadowserver said it observed just over 1,100 Internet-exposed D-Link NAS devices, Netsecfish said it found over 41,000 unique IP addresses used by vulnerable devices in an Internet scan with Huashun Xin’an’s FOFA platform.

In April, Netsecfish also reported a hardcoded backdoor and an arbitrary command injection flaw, affecting almost the same D-Link NAS models and collectively tracked as CVE-2024-3273, that can be chained to execute commands on the device remotely.

As a D-Link spokesperson told BleepingComputer in April, the affected NAS devices do not have automatic update capabilities or customer outreach features to push alerts. Therefore, those using end-of-life devices are advised to restrict access from the Internet as soon as possible, as they have been targeted in ransomware attacks in the past.

“Typically, D-Link cannot resolve device or firmware issues for these products since all development and customer support have ceased,” the company noted on Friday.

“D-Link strongly recommends retiring this product and cautions that further use may be risky to connected devices. If US consumers continue to use these devices against D-Link’s recommendation, please ensure the device has the latest firmware.”
