Remote Code Execution Risk in D-Link DNS-320L and DNS-340L
CVE-2024-3272
What is CVE-2024-3272?
CVE-2024-3272 is a critical vulnerability affecting several models of D-Link network storage devices, namely the DNS-320L, DNS-325, DNS-327L, and DNS-340L. These devices are intended for home and small business environments, providing centralized data storage and sharing capabilities over a network. The vulnerability arises from improper processing within the HTTP GET request handler specifically related to a file responsible for managing NAS sharing. This issue can be exploited remotely to access hard-coded credentials, posing serious risks to organizations still using these unsupported devices.
Technical Details
The vulnerability concerns the manipulation of the user argument in the file /cgi-bin/nas_sharing.cgi through an HTTP GET request. Attackers can exploit this flaw to retrieve hard-coded credentials, which enables unauthorized access to the device's functionalities. The vulnerability has been classified as "very critical," reflecting the ease of exploitation and the significant risk posed to users. Importantly, these D-Link models are no longer supported by the vendor, meaning no security updates or patches will be provided to mitigate this issue.
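A detection sketch for the request pattern described above, added here as an example and not taken from the advisory or from vendor tooling: it scans web or reverse-proxy access logs for GET requests to /cgi-bin/nas_sharing.cgi that carry a user argument and originate outside an allowlist. Assumptions: logs are in Combined Log Format, the function names and the allowlist are hypothetical, the sample lines are constructed, and the path normalization is a conservative matching choice rather than documented device behaviour.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/cgi-bin/nas_sharing.cgi"  # file named in the advisory text
TARGET_PARAM = "user"                     # argument named in the advisory text

# Combined Log Format prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample lines (documentation/private addresses, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2024:03:14:07 +0000] "GET /cgi-bin/nas_sharing.cgi?user=example HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Apr/2024:03:14:09 +0000] "GET /cgi-bin//NAS_sharing.cgi?user=example HTTP/1.1" 200 498',
    '198.51.100.23 - - [10/Apr/2024:04:02:11 +0000] "GET /cgi-bin/%6eas_sharing.cgi?user=example2 HTTP/1.1" 404 0',
    '192.168.1.20 - - [10/Apr/2024:08:00:00 +0000] "GET /cgi-bin/nas_sharing.cgi?user=family HTTP/1.1" 200 300',
    '203.0.113.7 - - [10/Apr/2024:03:15:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def is_trusted(ip_text, nets):
    """True only for a parseable address inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:  # hostname or garbage in the client field: not trusted
        return False
    return any(addr in net for net in nets)

def find_suspect_requests(lines, trusted_nets=()):
    """Map client -> [(timestamp, status, user value)] for GET requests to the
    NAS sharing CGI that carry a `user` argument from outside trusted_nets."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        # Decode, collapse repeated slashes and lowercase before comparing,
        # so trivially re-encoded paths are still matched.
        path = re.sub(r"/+", "/", unquote(url.path)).lower()
        params = parse_qs(url.query, keep_blank_values=True)
        if path != TARGET_PATH or TARGET_PARAM not in params or is_trusted(m["ip"], nets):
            continue
        hits[m["ip"]].append((m["ts"], int(m["status"]), params[TARGET_PARAM][0]))
    return dict(hits)
```

Calling find_suspect_requests(SAMPLE_LOG, ["192.168.1.0/24"]) reports the two external clients and skips the LAN host; any hit from an internet address also means the device's web interface is reachable from outside, which matters for an end-of-life unit that will not be patched.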
Impact of the Vulnerability
- Remote Unauthorized Access: The vulnerability allows attackers to gain access to sensitive data stored on the affected devices. With hard-coded credentials accessible, unauthorized actors can potentially manipulate, steal, or delete critical files.
- Data Breach Risks: Exploiting this vulnerability puts organizations at risk of significant data breaches. Malicious actors could extract sensitive information, leading to potential compliance violations and reputational damage.
- System Compromise: The ability to exploit the vulnerability remotely raises the possibility of broader system compromise within an organization's network. Once inside, attackers may use the vulnerable device as a foothold to launch further attacks on other connected systems or data repositories.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
The CISA's recommendation is: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
Affected Version(s)
DNS-320L 20240403
DNS-325 20240403
DNS-327L 20240403
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Hackers Actively Exploit Critical D-Link NAS Vulnerabilities on EoL Devices
In late March 2024, critical vulnerabilities were disclosed in D-Link NAS devices, allowing unauthorized access and command execution. Nearly 92,000 devices were at risk, attracting threat actors. D-Link issued a security advisory and recommended upgrading affected devices, implementing security mea...
9 months ago
CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog
9 months ago
Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars
Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar.
9 months ago
EPSS Score
6% chance of being exploited in the next 30 days.
Timeline
- Public PoC available
- Vulnerability started trending
- CISA Reported
- Exploit known to exist
- First article discovered by SharkStriker
- Vulnerability published