- Earlier this week, researchers discover a 9.2 flaw affecting multiple NAS models
- D-Link says it won’t patch them since they reached end-of-life status
- Crooks are now targeting them with available exploit code
Cybercriminals have begun targeting D-Link NAS devices, recently found to have a critical vulnerability, but which will not be patched due to being at their end of life.
Threat monitoring service Shadowserver recently sounded the alarm in a brief thread posted on X.
It was recently reported multiple versions of D-Link NAS devices were vulnerable to a 9.2-severity flaw that could allow hackers to interfere with the endpoints. However, as the devices had reached their end-of-life, the company said it would not be addressing the flaw, and would not be issuing a patch – instead, advising users to replace the devices with newer models.
Thousand(s) of victims
While the researchers said the exploitation was somewhat difficult since the complexity of an attack was relatively high, they did stress that there is a publicly available exploit out there.
“We have observed D-Link NAS CVE-2024-10914 /cgi-bin/account_mgr.cgi command injection exploitation attempts starting Nov 12th,” the researchers said. “This vuln affects EOL/EOS devices, which should be removed from the Internet.”
They added that in total, there were more than 60,000 endpoints out there that could be compromised, including different models such as DNS-320 Version 1.00,
DNS-320LW Version 1.01.0914.2012, DNS-325 Version 1.01, Version 1.02, and DNS-340L Version 1.08.
Shadowserver also said that it observed roughly 1,100 potential victims, significantly fewer than the 60,000 that were originally claimed.
A NAS device is a dedicated data storage unit connected to a network, allowing multiple users and devices to access and store data centrally. It provides secure file sharing, data backup, and storage, making it ideal for both home and business use. NAS devices are typically easy to set up and scale, offering RAID support and other protections against data loss.
Cybercriminals frequently target NAS devices because they often hold sensitive data, including personal documents, financial information, and business files. By compromising NAS systems, attackers can steal, encrypt, or delete valuable data, with ransomware being a common threat.
Via BleepingComputer
