D-Link NAS Devices Vulnerable to Exploitation by Hackers

By Kazuki Tanaka

Hackers are targeting D-Link network-attached storage devices using remote takeover exploits, with 92,000 vulnerable devices at risk. D-Link is not patching the vulnerabilities because the affected devices are end-of-life; the flaws carry severity ratings of up to 9.8 out of 10. Exploits include activating a backdoor account using hardcoded credentials and command injection with a simple HTTP GET request. Users are advised to replace end-of-life hardware or ensure they're running the latest firmware to protect against such attacks.

Key Takeaways

  • Hackers are exploiting vulnerabilities in D-Link NAS devices, with roughly 92,000 devices at risk.
  • The vulnerabilities provide a recipe for remote takeover, including a backdoor account and a command-injection flaw.
  • Successful exploitation of these vulnerabilities can lead to unauthorized access, modification of configurations, and denial of service.
  • D-Link confirmed a list of affected devices, and the best defense is to replace end-of-life hardware or ensure the most recent firmware is running.
  • Users can protect themselves by disabling UPnP and remote Internet connections unless necessary and configured correctly.

News Content

D-Link won't be issuing patches for vulnerable NAS devices that are no longer supported, leaving roughly 92,000 devices open to exploitation by hackers. These vulnerabilities allow the affected devices to be commandeered remotely through simple HTTP traffic. The attacks attempt to download and install various malware on the vulnerable devices, and the vulnerabilities are considered severe, with ratings of 9.8 and 7.3 out of 10. D-Link confirmed the list of affected devices and advises users to replace hardware once it reaches end of life or to ensure they’re running the most recent firmware.

The vulnerabilities, present in end-of-life devices, have left roughly 92,000 D-Link network-attached storage devices vulnerable to exploitation by hackers. Remote commandeering of the affected devices is possible through simple HTTP traffic, with the attacks attempting to download and install various malware on the vulnerable devices. The severity of the vulnerabilities is significant, with ratings of 9.8 and 7.3 out of 10. D-Link has confirmed the affected devices and advises users to replace hardware once it reaches end of life or to ensure they’re running the most recent firmware.

The best defense against these attacks and others like them is to replace hardware once it reaches end of life. D-Link provides a dedicated support page for legacy devices for owners to locate the latest available firmware, and recommends disabling UPnP and connections from remote Internet addresses unless they’re absolutely necessary and configured correctly.

Analysis

The vulnerable D-Link NAS devices, left unsupported, expose 92,000 units to potential exploitation by hackers. The immediate consequence is the risk of remote commandeering and malware installation. In the long term, unpatched vulnerabilities plant the seeds for larger, systemic security breaches in connected networks. D-Link's advice to replace end-of-life hardware or ensure the latest firmware is running suggests a proactive approach. Addressing these vulnerabilities is critical to safeguard against increasingly sophisticated cyber threats. The evolving landscape calls for heightened awareness and proactive security measures to mitigate risks in the future.

Do You Know?

  • Network-attached storage (NAS) devices: These are specialized storage devices that are connected to a network, allowing multiple users and different devices to store and access data from a centralized location.

  • End of life (EOL) devices: These refer to products that are no longer being supported or maintained by the manufacturer. In this context, D-Link has communicated that once a device reaches end of life, it is advisable to replace it with a new one or ensure it is running the latest firmware to protect against vulnerabilities.

  • Remote commandeering and HTTP traffic: The vulnerability allows remote attackers to take control of the affected devices through simple HTTP traffic. This means that attackers can exploit the devices from a distance by sending specific commands or requests over the web.
