Over 92,000 D-Link NAS devices face compromise risk

More than 92,000 outdated internet-exposed D-Link Network Attached Storage devices could be breached in attacks exploiting a newly discovered arbitrary command injection and hardcoded backdoor vulnerability, tracked as CVE-2024-3273, which could result in sensitive data access, system configuration modifications, and denial-of-service conditions, reports Security Affairs. Such a flaw was discovered by cybersecurity researcher Netsecfish within the nas_sharing.cgi script, which was found to contain a hardware credential-enabled backdoor that allowed authentication bypass, as well as system parameter-enabled command injection.

Source: SC Magazine

 


Date:

Categorie(s):