92,000 D-Link Network-attached Storage (NAS) devices worldwide are vulnerable to exploitation from two security flaws tracked as CVE-2024-3272 (CVSS score: 9.8/10) and CVE-2024-3273 (CVSS score: 7.3/10). These high CVSS scores indicate a significant severity of risk to users. Vulnerable D-link products have reached end-of-life status and businesses are being urged to replace the devices as no new patch will be released.
These attacks are occurring due to the presence of a backdoor account with hardcoded credentials in D-Link NAS devices and a command injection problem via the "system" parameter. The hardcoded credentials grant attackers unrestricted access to affected devices, compromising confidentiality, integrity, and availability of stored data. Importantly, the affected modules are DNS-320L, DNS-325, DNS-327L, and DNS-340L. If exploited, threat actors will be able to access sensitive information, start a denial-of-service (DoS) or alter a systems configuration.
UK businesses relying on D-Link NAS devices for data storage and file sharing are at risk of security breaches and unauthorised access. The vulnerabilities could lead to loss of sensitive data, financial losses, damage to reputation, and regulatory non-compliance. Businesses in sectors such as finance, healthcare, and legal, handling confidential or personally identifiable information (PII), are particularly vulnerable to the consequences of these vulnerabilities.
Actions for businesses
Patch Management: Immediately apply patches or firmware updates released by D-Link to mitigate the vulnerabilities in affected NAS devices. Patch management involves the process of identifying, deploying, and monitoring software updates or patches to address vulnerabilities and improve the security and stability of computer systems and software applications.
Credential Management: Change default passwords and credentials on D-Link NAS devices to prevent unauthorised access. Credentials, such as usernames, passwords, certificates, and biometric data, should be securely controlled to ensure proper authentication and authorisation within an organisation's IT infrastructure. This includes ensuring a company has privileged access management (PAM) to restrict access to high risk data.
Network Segmentation: Implement network segmentation to isolate NAS devices from external threats and restrict access to authorised users only. Segmentation prevents lateral movement by attackers within the network. Even if one segment is compromised, the impact is limited to that segment, reducing the risk of widespread compromise.
Monitoring and Detection: Deploy intrusion detection systems (IDS) and security monitoring tools to detect and respond to suspicious activities or attempts to exploit vulnerabilities.
Vendor Assessment: Conduct thorough assessments of vendor security practices and product security features before procuring or deploying NAS devices.
Backup and Recovery: Maintain regular backups of critical data stored on NAS devices and establish robust backup and recovery procedures to mitigate the impact of potential data breaches.
User Awareness: Educate employees and users about the risks associated with default credentials and the importance of maintaining strong password hygiene.
Regulatory Compliance: Ensure compliance with data protection regulations such as GDPR by implementing appropriate security measures and reporting any data breaches promptly
