Tag Archive for: DLink

Critical D-Link Security Flaws Leave Thousands Of These Storage Devices Vulnerable To Hacks



End-of-life hardware can be quite the problem at times, even crashing back into Earth’s atmosphere at supersonic speeds for that matter. Of course, we wouldn’t expect such travesties to happen with the hardware you keep in your basement, or that NAS you tucked away in your closet. However, older tech gear can have serious security vulnerabilities that might not get patched due to its end-of-life status with the manufacturer. This is precisely what some D-Link network-attached storage (NAS) owners are finding out after a critical vulnerability was discovered, affecting up to tens of thousands of devices still connected to the internet.

Roughly two weeks ago, researchers discovered a chain of vulnerabilities in several D-Link NAS devices including “DNS-340L, DNS-320L, DNS-327L, and DNS-325, among others.” The issues lie in nas_sharing.cgi, which contains a backdoor in the form of hardcoded credentials and is open to command injection through the system parameter. Combined, these allow arbitrary code execution on the affected devices, giving an attacker access to information, the ability to cause a denial of service, or otherwise.


According to the researchers with NetSecFish, up to 92,000 D-Link devices are exposed to the internet and vulnerable to attackers. Shodan shows that there are significantly fewer exposed devices and fewer still that are tagged as end-of-life. Regardless, in response to the vulnerabilities, D-Link posted a notice explaining that the “exploit affects a legacy D-Link products and all hardware revisions, which have reached their End of Life (“EOL”)/End of Service Life (“EOS”) Life-Cycle.” As such, the recommendation for affected systems is to retire or replace them, as there will not be an update coming from the company.

Of course, you can also always ensure that the NAS devices are not exposed to the internet and simply use them internally, but there’s no guarantee that your data is safe. Thus, we would also recommend upgrading your storage server to something more current (16TB Buffalo NAS), to help prevent these types of security issues.


Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks


Apr 09, 2024 | Newsroom | Botnet / Vulnerability

Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices.

Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in an advisory, said it does not plan to ship a patch and instead urges customers to replace them.

“The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hard-coded credentials, and a command injection vulnerability via the system parameter,” a security researcher who goes by the name netsecfish said in late March 2024.

Successful exploitation of the flaws could lead to arbitrary command execution on the affected D-Link NAS devices, granting threat actors the ability to access sensitive information, alter system configurations, or even trigger a denial-of-service (DoS) condition.

The issues affect the following models –

  • DNS-320L
  • DNS-325
  • DNS-327L, and
  • DNS-340L

Threat intelligence firm GreyNoise said it observed attackers attempting to weaponize the flaws to deliver the Mirai botnet malware, thus making it possible to remotely commandeer the D-Link devices.


In the absence of a fix, the Shadowserver Foundation is recommending that users either take these devices offline or have remote access to the appliance firewalled to mitigate potential threats.


The findings once again illustrate that Mirai botnets are continuously adapting and incorporating new vulnerabilities into their repertoire, with threat actors swiftly developing new variants that are designed to abuse these issues to breach as many devices as possible.

With network devices becoming common targets for financially motivated and nation-state-linked attackers, the development comes as Palo Alto Networks Unit 42 revealed that threat actors are increasingly switching to malware-initiated scanning attacks to flag vulnerabilities in target networks.

“Some scanning attacks originate from benign networks likely driven by malware on infected machines,”…


D-Link routers are under attack from hackers


Your router is the key to home internet. All other devices must connect to the router for Wi-Fi, which is why you must ensure all security protocols are in place. Hackers who breach your router can cause serious problems.

The gateway to valuable information is a lucrative prospect for any cybercriminal, and a group is now using a new malware variant to conduct their crimes.

Read on to see how this malware works and how to protect your router.

Here’s the backstory

Last year, security researchers at Fortinet found malware in Hikvision security cameras. Hackers used Mirai malware to launch strategically distributed denial of service (DDoS) attacks. These attacks flood a network, crippling it under the pressure of multiple data requests.

However, the malware has gone through an update, and researchers at Palo Alto Networks’ Unit 42 spotted the latest version at work. A blog post explains that the MooBot variant specifically targets D-Link routers and exploits these vulnerabilities:

  • HNAP SOAPAction Header Command Execution Vulnerability.
  • SOAP Interface Remote Code Execution Vulnerability.
  • Remote Command Execution Vulnerability (two versions).

The end goal of the hackers is the same as before: to incorporate as many routers as possible into a massive DDoS attack. While the criminals aren’t necessarily after your private data, a compromised router can give them a glimpse into valuable information.

What you can do about it

Unit 42 alerted D-Link to the flaws through the responsible disclosure of vulnerabilities. As a result, the company has rolled out several security patches to correct the mistakes, but some users might still have unpatched routers.

Affected D-Link routers include:

  • D-Link Wireless N Home Router with SmartBeam technology (DIR-645).
  • Wireless AC1900 Dual-Band Gigabit Cloud Router (DIR-880L).
  • D-Link Wireless AC1200 Dual-Band Gigabit Cloud Router (DIR-860L).
  • Wireless AC1000 Home Cloud Dual-Band Broadband Router (DIR-820L).
  • D-Link Wireless AC750 Dual-Band Cloud Router (DIR-816L).

If you…


Hacker group has been hijacking DNS traffic on D-Link routers for three months – ZDNet


Other router models have also been targeted, such as ARG, DSLink, Secutech, and TOTOLINK.
