Critical Flaw in D-Link NAS Devices Risks Data Theft, No Fix Planned
April 8, 2024![Critical Flaw in D-Link NAS Devices Risks Data Theft, No Fix Planned](https://cdn.brief.news/images/stories/12b583c34c1e7d3870a49d81c8f50d6828e8219f920525eb4873cefbab6e3c2e6df7a4fbb5cc5af58925af421845fd9768d9353c749e2476ea20f80498fad0bf.png)
A critical security flaw, identified as CVE-2024-3273, has been found in several D-Link NAS devices by a researcher known as 'Netsecfish'.
The vulnerability allows attackers to execute arbitrary commands, which could lead to data breaches or system disruptions.
Affected models include DNS-340L, DNS-320L, DNS-327L, and DNS-325, with the issue stemming from hardcoded credentials and a command injection vulnerability.
D-Link has announced it will not issue security updates for these compromised devices since they are end-of-life products.
As a precaution, the vendor suggests replacing vulnerable devices and advises against exposing any NAS devices to the internet.
Summary based on 1 source
Get a daily email with more Tech stories
Source
![+92,000 Internet-facing D-Link NAS devices can be easily hacked](https://cdn.brief.news/images/links/12b583c34c1e7d3870a49d81c8f50d6828e8219f920525eb4873cefbab6e3c2e6df7a4fbb5cc5af58925af421845fd9768d9353c749e2476ea20f80498fad0bf.png)
Security Affairs • Apr 7, 2024
+92,000 Internet-facing D-Link NAS devices can be easily hacked