CISA Adds D-Link NAS Devices Bugs to Known Exploited Vulnerabilities Catalog

April 11, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several flaws found in multiple D-Link NAS devices to its Known Exploited Vulnerabilities (KEV) catalog.

One of the vulnerabilities, CVE-2024-3272, is a Use of Hard-Coded Credentials Vulnerability that affects D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L. This vulnerability involves a hard-coded credential in these devices, which could enable an attacker to inject commands and execute code remotely without authorization.

CISA has noted that this flaw is present in D-Link products that have reached their end-of-life (EOL) or end-of-service (EOS) lifecycle. As such, the agency advises that these products should be retired and replaced as per the manufacturer's instructions.

Another vulnerability, CVE-2024-3273, is a Command Injection Vulnerability that also affects D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L. This flaw also allows an attacker to inject commands and execute code remotely without authorization. By exploiting both CVE-2024-3272 and CVE-2024-3273, an attacker can gain unauthorized remote code execution capabilities.

This vulnerability also affects D-Link products that have reached their EOL or EOS lifecycle, and CISA recommends that they be retired and replaced as per the manufacturer's instructions.

As per the Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies have been instructed to address these identified vulnerabilities by May 2, 2024, to protect their networks from potential attacks.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities within their infrastructure. CISA has mandated that federal agencies rectify this vulnerability by May 2, 2024.
