D-Link NAS devices (DNS-320, DNS-320LW, DNS-325, and DNS-340L) with firmware up to version 20241028 are affected by a critical OS command injection vulnerability. These devices are widely used in personal and business environments, and many instances are accessible online, increasing the risk of exploitation. Although the complexity of the attack is relatively high, the exploit does not require authentication and has been publicly disclosed, increasing the likelihood of active exploitation.
| Product | D-Link DNS ShareCenter |
| Date | 2024-11-29 13:25:34 |
| Information |
|
Technical Summary
The vulnerability (CWE-78) resides in the cgi_user_add function within the /cgi-bin/account_mgr.cgi?cmd=cgi_user_add endpoint. The flaw occurs due to improper neutralization of special elements in the user-supplied input for the name parameter. This allows attackers to inject OS commands, leading to:
- Confidentiality breach: theft of sensitive data.
- Integrity compromise: modification or destruction of data.
- Availability impact: disruption of device functionality or network operations.
Although exploitation is technically complex, its remote nature and lack of authentication requirements increase its criticality. A public exploit is available that could be used by attackers to compromise vulnerable devices.
Recommendations
Update firmware
- Immediately update the firmware of affected devices to the latest version provided by D-Link, which resolves the issue.
Restrict access
- Limit access to the administrative interface by configuring access controls and allowing only trusted networks.
Monitor for exploits
- Regularly check the device to identify signs of unauthorized modifications or anomalous activity.
Apply network security measures
- Use firewalls and intrusion detection/prevention systems (IDS/IPS) to detect and block potential intrusion attempts.
[Callforaction-THREAT-Footer]
