Monday 15 April 2024, Poradnik bezpieczeństwa

Do you have an old D-Link NAS server? Beware of backdoors.


GitHub user netsecfish disclosed a vulnerability (CVE-2024-3273) affecting older models of D-Link NAS devices, including the DNS-320L, DNS-325, DNS-327L, and DNS-340L.

He indicated that there is a risk for over 92,000 people. devices connected to the network, allowing attackers to exploit the vulnerability and then take control of the device.

There is one problem, and it's a big one. Devices are not supported.

Therefore, it is recommended to replace them due to lack of updates (EoL). It is also recommended to isolate or limit access to devices that can be used to execute commands. The risk is the result of oversight rather than intentional placement of a backdoor.