D-Link refuses to patch a security flaw on over 60,000 NAS devices — the company instead recommends replacing legacy NAS with newer models

Security researcher Netsecfish discovered a critical flaw in several popular D-Link NAS models that could allow an unauthenticated attacker to perform command injection via an HTTP GET request. According to the published report, the vulnerability is in the account_mgr.cgi script, where malicious input supplied in the name parameter triggers the injection. The issue is tracked in the National Vulnerability Database (NVD) as CVE-2024-10914 and is rated critical with a severity score of 9.2.

The following D-Link models and firmware versions are affected: DNS-320 version 1.00, DNS-320LW version 1.01.0914.2012, DNS-325 versions 1.01 and 1.02, and DNS-340L version 1.08.

Unfortunately for the users of these devices, D-Link declined to release a security patch for this issue, noting that “Products that have reached their EOL/EOS no longer receive device software updates and security patches and are no longer supported by D-Link.” The affected models have all reached their end-of-life/end-of-service date as of 2020, and “D-Link US recommends retiring and replacing D-Link devices that have reached EOL/EOS.”

Netsecfish ran a FOFA search for the affected D-Link models, and the platform returned 61,147 results with 41,097 unique IP addresses. Although the NVD notes that the complexity of exploiting the vulnerability may be high, anyone with the knowledge and capability could theoretically access any of these publicly exposed D-Link NAS machines.

If you’re using one of these models, it’s highly recommended that you replace your NAS system with one that’s still receiving patches from the manufacturer. If that isn’t possible right now, Netsecfish suggests restricting access to your NAS settings menu/interface to only trusted IP addresses. You could also isolate your NAS from the public internet to ensure that only authorized users can interact with it.

Alternatively, you could look for third-party firmware supporting the affected hardware. However, you must ensure you download the firmware from a trusted source. But if you think it’s time to get a new NAS for your home, office, or business, you should check out our list of the best NAS before picking one to install.
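As an added example (not part of the article or of Netsecfish's research), the following Python check scans web-server access logs for requests to account_mgr.cgi and flags those that come from outside a trusted management network or that carry shell metacharacters in the name parameter. The log lines, the common-log-format layout and the trusted network are constructed assumptions.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (common log format); not real NAS traffic.
SAMPLE_LOG = """\
192.168.1.20 - - [12/Nov/2024:10:01:02 +0000] "GET /cgi-bin/account_mgr.cgi?name=alice HTTP/1.1" 200 512
203.0.113.7 - - [12/Nov/2024:10:02:15 +0000] "GET /cgi-bin/account_mgr.cgi?name=bob%3Bid HTTP/1.1" 200 512
192.168.1.20 - - [12/Nov/2024:10:03:40 +0000] "GET /cgi-bin/info.cgi HTTP/1.1" 200 100
198.51.100.9 - - [12/Nov/2024:10:04:01 +0000] "GET /cgi-bin/account_mgr.cgi?name=carol HTTP/1.1" 200 512
"""

# Assumed management network; only these addresses should reach the NAS interface.
TRUSTED_NETS = [ip_network("192.168.1.0/24")]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Characters a shell would interpret; none belong in a legitimate account name.
METACHARS = re.compile(r"[;&|`$(){}<>'\"\\\n]")

def analyze(log_text, trusted_nets):
    """Return one finding per suspicious account_mgr.cgi request."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        src, ts, method, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/account_mgr.cgi"):
            continue  # only the vulnerable script is of interest here
        reasons = []
        if not any(ip_address(src) in net for net in trusted_nets):
            reasons.append("untrusted source")
        # parse_qs percent-decodes values, so encoded metacharacters are caught too.
        if any(METACHARS.search(v) for v in parse_qs(parts.query).get("name", [])):
            reasons.append("shell metacharacters in name")
        if reasons:
            findings.append({"src": src, "time": ts, "method": method,
                             "target": target, "status": status, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG, TRUSTED_NETS):
        print(f"{f['time']} {f['src']} {f['method']} {f['target']} -> {', '.join(f['reasons'])}")
```

Any hit from an untrusted address is itself evidence that the interface is reachable from where it should not be, which is the exposure the article's mitigation advice is meant to close.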
