Active Exploitation of Vulnerabilities in D-Link Products
12 April 2024
D-Link has disclosed two vulnerabilities (CVE-2024-3272 & CVE-2024-3273) in their network-attached storage (NAS) devices. These vulnerabilities are reportedly being actively exploited.
The vulnerabilities are:
CVE-2024-3272: A backdoor vulnerability which could allow attackers to use hard-coded credentials to gain unauthorised access to the web management interface. This vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.
CVE-2024-3273: A command injection vulnerability which could allow attackers to execute arbitrary commands on the system. This vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 7.3 out of 10.
The vulnerabilities affect the following products:
DNS-120
DNR-202L
DNS-315L
DNS-320
DNS-320L
DNS-320LW
DNS-321
DNR-322L
DNS-323
DNS-325
DNS-326
DNS-327L
DNR-326
DNS-340L
DNS-343
DNS-345
DNS-726-4
DNS-1100-4
DNS-1200-05
DNS-1550-04
The affected D-Link products have reached End of Life (EOL). Users and administrators of affected EOL products are advised to retire and replace their devices with products that are still supported by the manufacturer.
More information is available here:
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383