Unpatched D-Link Devices Under Siege by Hackers

Over 92,000 D-Link Network Attached Storage (NAS) devices are under active attack by malicious actors exploiting a critical security vulnerability. These devices, identified as end-of-life models by D-Link, are particularly susceptible due to the lack of available security updates.

The vulnerability, classified as CVE-2024-3273, stems from a two-pronged attack strategy. The first weakness lies in a backdoor account pre-programmed into the device's software. This account, named "messagebus," has a blank password, essentially granting anyone access. The second vulnerability involves a flaw in how the device processes user-submitted information. By manipulating a specific parameter, attackers can inject malicious code that grants them complete control over the NAS device.

Security researcher Netsecfish first discovered and reported the vulnerability. Their analysis highlights the potential consequences of an exploit. Attackers could leverage this vulnerability to steal sensitive data stored on the NAS device, alter critical system configurations, or even render the device inoperable through a denial-of-service attack.

The specific D-Link NAS models affected include the DNS-320L, DNS-325, DNS-327L, and DNS-340L, along with others. D-Link has confirmed the vulnerability but has also clarified that these models are no longer supported, and therefore, no security patches will be released.

This lack of support poses a significant challenge for owners of these devices. While some users might choose to disconnect their NAS entirely to mitigate the risk, others may be left in a precarious situation. Without a security update, these devices remain highly vulnerable to ongoing attacks.

Security experts urge NAS device owners to take immediate action to protect their data. The most critical step involves identifying the specific model of NAS device they possess. If the model is one of those identified as vulnerable, disconnecting the device from the internet is the safest course of action.

For users who require continued network connectivity for their NAS device, backing up all critical data is essential. Unfortunately, due to the absence of a security patch, these devices will remain at risk until they are replaced with a more secure model.