End-of-Life D-Link NAS Devices Under Attack Due to Critical Bug
November 13, 2024
A critical vulnerability, identified as CVE-2024-10914, is being actively exploited in several models of end-of-life D-Link network-attached storage (NAS) devices. The command injection vulnerability was discovered by a security researcher known as Netsecfish, who also published details of how unauthenticated attackers can inject arbitrary shell commands by sending crafted HTTP GET requests to vulnerable NAS devices exposed on the internet. The affected NAS models are DNS-320 Version 1.00, DNS-320LW Version 1.01.0914.2012, DNS-325 Versions 1.01 and 1.02, and DNS-340L Version 1.08.
The exploitation of the vulnerability began after D-Link announced that it would not be addressing the security flaw since it only affects end-of-life NAS models. The company advised customers to either upgrade to newer products or retire the affected devices. D-Link stated, "Products that have reached their EOL/EOS no longer receive device software updates and security patches and are no longer supported by D-Link. D-Link US recommends retiring and replacing D-Link devices that have reached EOL/EOS."
Threat actors have nonetheless started exploiting the vulnerability, as observed by Shadowserver, a threat monitoring service. Shadowserver warned, "We have observed D-Link NAS CVE-2024-10914 /cgi-bin/account_mgr.cgi command injection exploitation attempts starting Nov 12th. This vuln affects EOL/EOS devices, which should be removed from the Internet."
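Because the Shadowserver note names the targeted CGI path, defenders can triage web-server access logs from a NAS for requests to that endpoint whose URL-decoded query string carries shell metacharacters. The following Python is an added example, not code from the article, Shadowserver or D-Link; the log lines, addresses and parameter names are constructed placeholders.

```python
import re
from urllib.parse import unquote_plus

# Vulnerable CGI endpoint named in the Shadowserver advisory quoted above.
TARGET_PATH = "/cgi-bin/account_mgr.cgi"

# Shell metacharacters that have no business in an account-management query.
# A lone '&' is omitted because it is the ordinary query-parameter separator.
INJECTION_PATTERN = re.compile(r"[;|`\n]|\$\(|&&")

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
CLF_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample access log for this example (RFC 5737 documentation
# addresses, made-up timestamps, placeholder parameter names), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2024:03:14:09 +0000] "GET /cgi-bin/account_mgr.cgi?a=1&b=%3Bid HTTP/1.1" 200 512
198.51.100.23 - - [12/Nov/2024:03:15:11 +0000] "GET /cgi-bin/account_mgr.cgi?a=1&b=alice HTTP/1.1" 200 512
192.0.2.45 - - [12/Nov/2024:03:16:02 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.7 - - [12/Nov/2024:03:17:30 +0000] "GET /cgi-bin/account_mgr.cgi?a=1&b=%60id%60 HTTP/1.1" 500 0
"""


def flag_account_mgr_injection(log_text):
    """Return one dict per request to TARGET_PATH whose URL-decoded query
    string contains shell metacharacters (a likely exploitation attempt)."""
    hits = []
    for line in log_text.splitlines():
        m = CLF_LINE.match(line)
        if not m:
            continue  # not CLF; skip rather than crash on odd lines
        path, _, query = m.group("target").partition("?")
        if path != TARGET_PATH:
            continue
        decoded = unquote_plus(query)  # attempts usually arrive percent-encoded
        if INJECTION_PATTERN.search(decoded):
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "status": int(m.group("status")),
                "query": decoded,
            })
    return hits


if __name__ == "__main__":
    for hit in flag_account_mgr_injection(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["time"]} HTTP {hit["status"]} {hit["query"]!r}')
```

A hit on an EOL device is a signal to take it off the internet and treat it as compromised, since no patch will follow.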
While Shadowserver found just over 1,100 D-Link NAS devices exposed online, Netsecfish discovered over 41,000 unique IP addresses belonging to vulnerable devices during an internet scan with Huashun Xin'an's FOFA platform. In addition to CVE-2024-10914, Netsecfish reported two further flaws, a hardcoded backdoor and an arbitrary command injection, collectively tracked as CVE-2024-3273, which can be chained to execute commands on the device remotely.
D-Link has previously stated that the affected NAS devices have no automatic update capability and no customer outreach feature for pushing alerts. Users of these end-of-life devices are therefore urged to cut off their internet exposure as soon as possible, since such devices have been targeted in past ransomware attacks. D-Link mentioned on Friday, "Typically, D-Link cannot resolve device or firmware issues for these products since all development and customer support have ceased. D-Link strongly recommends retiring this product and cautions that further use may be risky to connected devices. If US consumers continue to use these devices against D-Link's recommendation, please ensure the device has the latest firmware."