Security researchers have uncovered a serious vulnerability in several D-Link Network Attached Storage (NAS) devices, including DNS-320L, DNS-327L, and others. This flaw leaves devices wide open to attack, giving hackers the ability to execute commands remotely and potentially steal sensitive data or disrupt operations.
安全研究人员在多个 D-Link 网络附加存储 (NAS) 设备中发现了一个严重漏洞,包括 DNS-320L、DNS-327L 等。此漏洞使设备容易受到攻击,使黑客能够远程执行命令并可能窃取敏感数据或破坏操作。
The Double Whammy: Backdoor and Injection
双重打击:后门和注入
The vulnerability (CVE-2024-3273, CVSS 7.3) is two-fold and particularly dangerous:
该漏洞(CVE-2024-3273、CVSS 7.3)有两个方面,而且特别危险:
- Hidden Backdoor: Hardcoded credentials within the vulnerable code allow attackers to bypass authentication and gain access to the device.
隐藏的后门:易受攻击的代码中的硬编码凭据允许攻击者绕过身份验证并访问设备。 - Command Injection: A flaw in how the NAS handles requests allows hackers to inject malicious commands through the ‘system’ parameter, granting them remote control.
命令注入:NAS 处理请求的方式存在缺陷,黑客可以通过“system”参数注入恶意命令,从而授予他们远程控制权。
The Impact 影响
Attackers exploiting this vulnerability could:
利用此漏洞的攻击者可能:
- Steal Sensitive Data: Access stored files, potentially exposing confidential business information or personal data.
窃取敏感数据:访问存储的文件,可能会泄露机密业务信息或个人数据。 - Disrupt Systems: Run commands that could modify system settings or cripple services, causing downtime.
中断系统:运行可能修改系统设置或瘫痪服务的命令,从而导致停机。 - Install Further Malware: Use the compromised device as a jumping-off point to infect other systems on the network.
安装更多恶意软件:使用受感染的设备作为感染网络上其他系统的起点。
Who’s At Risk? 谁处于危险之中?
Image: netsecfish 图片:netsecfish
An estimated 92,000 devices on the internet could be susceptible to attacks exploiting this vulnerability. The specific versions affected include:
据估计,互联网上有 92,000 台设备容易受到利用此漏洞的攻击。受影响的特定版本包括:
- DNS-320L Versions 1.11, 1.03.0904.2013, and 1.01.0702.2013
DNS-320L 版本 1.11、1.03.0904.2013 和 1.01.0702.2013 - DNS-325 Version 1.01 DNS-325 版本 1.01
- DNS-327L Versions 1.09 and 1.00.0409.2013
DNS-327L 版本 1.09 和 1.00.0409.2013 - DNS-340L Version 1.08 DNS-340L 版本 1.08
Exploitation and Consequences
剥削和后果
Exploiting CVE-2024-3273 is alarmingly straightforward. An attacker can craft a malicious HTTP GET request targeting the vulnerable /cgi-bin/nas_sharing.cgi endpoint. This request, containing the hardcoded username and an empty password along with a base64 encoded command, can lead to unauthorized command execution.
利用 CVE-2024-3273 非常简单。攻击者可以构建针对易受攻击的 /cgi-bin/nas_sharing.cgi 端点的恶意 HTTP GET 请求。此请求包含硬编码的用户名和空密码以及 base64 编码的命令,可能会导致未经授权的命令执行。
Image: netsecfish 图片:netsecfish
The implications of such an attack are far-reaching. Successful exploitation could result in unauthorized access to sensitive information, modification of system configurations, or even a total denial of service, rendering the device unusable and disrupting operations for businesses and individuals alike.
这种攻击的影响是深远的。成功利用此漏洞可导致未经授权访问敏感信息、修改系统配置,甚至完全拒绝服务,使设备无法使用,并中断企业和个人的运营。
Call to Action 号召性用语
In response to the discovery of CVE-2024-3273, it is strongly recommended that all users of affected D-Link NAS devices promptly apply any available patches or updates provided by D-Link. Given the severity of the vulnerabilities and the potential for widespread impact, addressing this issue should be considered an immediate priority for all affected users.
针对 CVE-2024-3273 的发现,强烈建议所有受影响的 D-Link NAS 设备的用户立即应用 D-Link 提供的任何可用补丁或更新。鉴于漏洞的严重性和可能产生的广泛影响,解决此问题应被视为所有受影响用户的当务之急。
Here’s what you need to do:
以下是您需要做的:
- Check Your Device: Visit D-Link’s website and determine if your NAS model is affected.
检查您的设备:访问 D-Link 的网站并确定您的 NAS 型号是否受到影响。 - Apply Updates Urgently: If your device is vulnerable, download and install the latest firmware update as soon as possible.
紧急应用更新:如果您的设备容易受到攻击,请尽快下载并安装最新的固件更新。 - Change Default Passwords: Even after patching, it’s good practice to change any default passwords on your NAS device.
更改默认密码:即使在修补后,最好更改 NAS 设备上的任何默认密码。
Protect Your Data 保护您的数据
This vulnerability underscores the need to remain vigilant about cybersecurity, even with trusted devices. Stay informed about security updates, use strong passwords, and consider additional security measures like network segmentation to reduce your risk.
这个漏洞凸显了对网络安全保持警惕的必要性,即使是使用受信任的设备也是如此。随时了解安全更新,使用强密码,并考虑采取其他安全措施(如网络分段)以降低风险。
原文始发于 :CVE-2024-3273: D-Link NAS Vulnerability Threatens 92,000 Devices
转载请注明:CVE-2024-3273: D-Link NAS Vulnerability Threatens 92,000 Devices | CTF导航
