D-Link devices are already under attack after the company said it would no longer support them
- Earlier this week, researchers discovered a 9.2 flaw affecting multiple NAS models
- D-Link says it won’t patch them because they have reached end-of-life status
- Scammers are now targeting them with available exploit code
Cybercriminals have begun attacking D-Link NAS devices, which were recently identified as having a critical vulnerability but will not be patched as they have reached end of life.
Threat monitoring service Shadowserver recently raised the alarm in a short thread on X.
It was recently reported that multiple versions of D-Link NAS devices were vulnerable to a 9.2 severity flaw that allowed hackers to compromise the endpoints. However, as the devices had reached the end of their lifespan, the company said it would not fix the flaw or issue a patch, but would advise users to replace the devices with newer models.
Thousand(s) of victims
Although the researchers said the exploitation was somewhat difficult because the complexity of an attack was relatively high, they did emphasize that a publicly available exploit exists.
“We observed command injection exploit attempts of D-Link NAS CVE-2024-10914 /cgi-bin/account_mgr.cgi as of November 12,” the researchers said. “This vulnerability affects EOL/EOS devices, which should be removed from the Internet.”
They added that there are more than 60,000 endpoints in total that could be affected, including various models such as DNS-320 version 1.00,
DNS-320LW version 1.01.0914.2012, DNS-325 version 1.01, version 1.02 and DNS-340L version 1.08.
Shadowserver also said it has observed approximately 1,100 potential victims, significantly fewer than the 60,000 originally claimed.
A NAS device is a dedicated data storage unit connected to a network, allowing multiple users and devices to centrally access and store data. It offers secure file sharing, data backup and storage, making it ideal for both home and business use. NAS devices are typically easy to set up and scale and offer RAID support and other data loss protection.
Cybercriminals often target NAS devices because they often contain sensitive data, including personal documents, financial information and business files. By compromising NAS systems, attackers can steal, encrypt or delete valuable data, with ransomware being a common threat.
Via BleepingComputer