CVE-2024-3273: D-Link NAS Vulnerability Threatens 92,000 Devices

IoT 2个月前 admin
81 0 0

Security researchers have uncovered a serious vulnerability in several D-Link Network Attached Storage (NAS) devices, including DNS-320L, DNS-327L, and others. This flaw leaves devices wide open to attack, giving hackers the ability to execute commands remotely and potentially steal sensitive data or disrupt operations.
安全研究人员在多个 D-Link 网络附加存储 (NAS) 设备中发现了一个严重漏洞,包括 DNS-320L、DNS-327L 等。此漏洞使设备容易受到攻击,使黑客能够远程执行命令并可能窃取敏感数据或破坏操作。

The Double Whammy: Backdoor and Injection

The vulnerability (CVE-2024-3273CVSS 7.3) is two-fold and particularly dangerous:
该漏洞(CVE-2024-3273、CVSS 7.3)有两个方面,而且特别危险:

  1. Hidden Backdoor: Hardcoded credentials within the vulnerable code allow attackers to bypass authentication and gain access to the device.
  2. Command Injection: A flaw in how the NAS handles requests allows hackers to inject malicious commands through the ‘system’ parameter, granting them remote control.
    命令注入:NAS 处理请求的方式存在缺陷,黑客可以通过“system”参数注入恶意命令,从而授予他们远程控制权。

The Impact 影响

Attackers exploiting this vulnerability could:

  • Steal Sensitive Data: Access stored files, potentially exposing confidential business information or personal data.
  • Disrupt Systems: Run commands that could modify system settings or cripple services, causing downtime.
  • Install Further Malware: Use the compromised device as a jumping-off point to infect other systems on the network.

Who’s At Risk? 谁处于危险之中?

CVE-2024-3273: D-Link NAS Vulnerability Threatens 92,000 Devices

Image: netsecfish 图片:netsecfish

An estimated 92,000 devices on the internet could be susceptible to attacks exploiting this vulnerability. The specific versions affected include:
据估计,互联网上有 92,000 台设备容易受到利用此漏洞的攻击。受影响的特定版本包括:

  • DNS-320L Versions 1.11, 1.03.0904.2013, and 1.01.0702.2013
    DNS-320L 版本 1.11、1.03.0904.2013 和 1.01.0702.2013
  • DNS-325 Version 1.01 DNS-325 版本 1.01
  • DNS-327L Versions 1.09 and 1.00.0409.2013
    DNS-327L 版本 1.09 和 1.00.0409.2013
  • DNS-340L Version 1.08 DNS-340L 版本 1.08

Exploitation and Consequences

Exploiting CVE-2024-3273 is alarmingly straightforward. An attacker can craft a malicious HTTP GET request targeting the vulnerable /cgi-bin/nas_sharing.cgi endpoint. This request, containing the hardcoded username and an empty password along with a base64 encoded command, can lead to unauthorized command execution.
利用 CVE-2024-3273 非常简单。攻击者可以构建针对易受攻击的 /cgi-bin/nas_sharing.cgi 端点的恶意 HTTP GET 请求。此请求包含硬编码的用户名和空密码以及 base64 编码的命令,可能会导致未经授权的命令执行。

CVE-2024-3273: D-Link NAS Vulnerability Threatens 92,000 Devices

Image: netsecfish 图片:netsecfish

The implications of such an attack are far-reaching. Successful exploitation could result in unauthorized access to sensitive information, modification of system configurations, or even a total denial of service, rendering the device unusable and disrupting operations for businesses and individuals alike.

Call to Action 号召性用语

In response to the discovery of CVE-2024-3273, it is strongly recommended that all users of affected D-Link NAS devices promptly apply any available patches or updates provided by D-Link. Given the severity of the vulnerabilities and the potential for widespread impact, addressing this issue should be considered an immediate priority for all affected users.
针对 CVE-2024-3273 的发现,强烈建议所有受影响的 D-Link NAS 设备的用户立即应用 D-Link 提供的任何可用补丁或更新。鉴于漏洞的严重性和可能产生的广泛影响,解决此问题应被视为所有受影响用户的当务之急。

Here’s what you need to do:

  1. Check Your Device: Visit D-Link’s website and determine if your NAS model is affected.
    检查您的设备:访问 D-Link 的网站并确定您的 NAS 型号是否受到影响。
  2. Apply Updates Urgently: If your device is vulnerable, download and install the latest firmware update as soon as possible.
  3. Change Default Passwords: Even after patching, it’s good practice to change any default passwords on your NAS device.
    更改默认密码:即使在修补后,最好更改 NAS 设备上的任何默认密码。

Protect Your Data 保护您的数据

This vulnerability underscores the need to remain vigilant about cybersecurity, even with trusted devices. Stay informed about security updates, use strong passwords, and consider additional security measures like network segmentation to reduce your risk.

原文始发于 DO SONCVE-2024-3273: D-Link NAS Vulnerability Threatens 92,000 Devices

版权声明:admin 发表于 2024年4月7日 下午9:02。
转载请注明:CVE-2024-3273: D-Link NAS Vulnerability Threatens 92,000 Devices | CTF导航