Critical Flaw in D-Link NAS Devices Risks Data Theft, No Fix Planned

April 8, 2024
Critical Flaw in D-Link NAS Devices Risks Data Theft, No Fix Planned
  • A critical security flaw, identified as CVE-2024-3273, has been found in several D-Link NAS devices by a researcher known as 'Netsecfish'.

  • The vulnerability allows attackers to execute arbitrary commands, which could lead to data breaches or system disruptions.

  • Affected models include DNS-340L, DNS-320L, DNS-327L, and DNS-325, with the issue stemming from hardcoded credentials and a command injection vulnerability.

  • D-Link has announced it will not issue security updates for these compromised devices since they are end-of-life products.

  • As a precaution, the vendor suggests replacing vulnerable devices and advises against exposing any NAS devices to the internet.

Summary based on 1 source


Get a daily email with more Tech stories

Source

Related Stories