Critical Command Injection Vulnerability in D-Link Devices (VDB-259284)
Key Information
- Vendor
- D-link
- Status
- Dns-320l
- Dns-325
- Dns-327l
- Dns-340l
- Vendor
- CVE Published:
- 4 April 2024
Badges
Summary
A critical command injection vulnerability has been disclosed in D-Link Network Attached Storage (NAS) devices, affecting models such as DNS-320L, DNS-325, DNS-327L, and DNS-340L. The flaw allows for arbitrary command execution on the system, potentially leading to unauthorized access, modification of system configurations, or denial of service conditions. Over 92,000 vulnerable D-Link NAS devices have been identified, and since the devices are no longer supported, D-Link has recommended retiring and replacing them with products that receive firmware updates. There are no patches available for this vulnerability, and the affected devices do not have automatic updating capabilities, making them susceptible to attacks. The vendor has urged immediate retirement or replacement of the impacted devices and advised against exposing NAS devices to the internet due to the high risk of data theft or ransomware attacks.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-3273 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
Affected Version(s)
DNS-320L = 20240403
DNS-325 = 20240403
DNS-327L = 20240403
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
hackhunting CVE-2024-3273CVE-2024-3272Hackers Actively Exploit Critical D-Link NAS Vulnerabilities on EoL Devices
In late March 2024, critical vulnerabilities were disclosed in D-Link NAS devices, allowing unauthorized access and command execution. Nearly 92,000 devices were at risk, attracting threat actors. D-Link issued a security advisory and recommended upgrading affected devices, implementing security mea...
8 months ago
www.sincos.org CVE-2024-3272CVE-2024-3273CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog
CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog
8 months ago
GreyNoise CVE-2024-3273CVE-2024-3273: D-Link NAS RCE Exploited in the Wild | GreyNoise Blog
Check out this blog to stay informed about a critical remote code execution vulnerability affecting D-Link NAS devices. It is being tracked under CVE-2024-3273 and believed to affect as many as 92,000 devices.
8 months ago
EPSS Score
92% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
VulDB entry last update
Vulnerability started trending.
Risk change from: null to: 7.3 - (HIGH)
- 👾
Exploit exists.
First article discovered by BleepingComputer
Vulnerability published.
VulDB entry created
Advisory disclosed