Critical Vulnerability in D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L Up to 2024-04-03

CVE-2024-3272
9.8CRITICAL

Key Information

Vendor
D-link
Status
Dns-320l
Dns-325
Dns-327l
Dns-340l
Vendor
CVE Published:
4 April 2024

Badges

😄 Trended👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

D-Link NAS devices are affected by CVE-2024-3272 and CVE-2024-3273 vulnerabilities, which are actively being exploited by threat actors. These vulnerabilities allow attackers to steal sensitive data, execute remote commands, and orchestrate DoS attacks. Over 92,000 D-Link NAS devices are impacted, and the vulnerabilities affect products that have reached End-of-Life status. The exploitation of these vulnerabilities can lead to a well-orchestrated botnet malware attack, with instances of Mirai Botnet Malware being delivered through exploitation. To mitigate these risks, it is recommended that users update their devices to the latest firmware from the D-Link site, and for devices that have reached EoL, it is advised to replace the hardware. Continuous monitoring of environments for indicators of compromise, vulnerability scanning, and checking the posture through security platforms are also recommended.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-3272 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

Affected Version(s)

DNS-320L = 20240403

DNS-325 = 20240403

DNS-327L = 20240403

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

dinkleberry
Created by aliask

News Articles

favicon imagehackhunting

Hackers Actively Exploit Critical D-Link NAS Vulnerabilities on EoL Devices

In late March 2024, critical vulnerabilities were disclosed in D-Link NAS devices, allowing unauthorized access and command execution. Nearly 92,000 devices were at risk, attracting threat actors. D-Link issued a security advisory and recommended upgrading affected devices, implementing security mea...

7 months ago

favicon imagewww.sincos.org

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

7 months ago

favicon imageSecurityWeek

Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars

Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar. 

7 months ago

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability started trending.

  • VulDB entry last update

  • Risk change from: null to: 9.8 - (CRITICAL)

  • 👾

    Exploit exists.

  • First article discovered by SharkStriker

  • Vulnerability published.

  • VulDB entry created

  • Advisory disclosed

Collectors

NVD DatabaseMitre DatabaseCISA Database1 Proof of Concept(s)4 News Article(s)

Credit

netsecfish
.