Over 92,000 D-Link NAS devices face compromise risk

8 April 2024

More than 92,000 outdated internet-exposed D-Link Network Attached Storage devices could be breached in attacks exploiting a newly discovered arbitrary command injection and hardcoded backdoor vulnerability, tracked as CVE-2024-3273, which could result in sensitive data access, system configuration modifications, and denial-of-service conditions, reports Security Affairs. Such a flaw was discovered by cybersecurity researcher Netsecfish within the nas_sharing.cgi script, which was found to contain a hardware credential-enabled backdoor that allowed authentication bypass, as well as system parameter-enabled command injection.

Source: SC Magazine

Date:

8 April 2024

Categorie(s):

NEWS

Tag(s):

Computer Hardware, D-Link, IT, NAS, News

Nokod Security Platform secures low-code/no-code development environments and apps3 May 2024
NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources3 May 2024
Lenovo launches AI-based Cyber Resiliency as a Service3 May 2024
These Dangerous Scammers Don’t Even Bother to Hide Their Crimes3 May 2024
Edgio ASM reduces risk from web application vulnerabilities3 May 2024