Unpatched Vulnerability in D-Link NAS Devices Exploited in the Wild

An unpatched vulnerability affecting D-Link network-attached storage (NAS) devices has been discovered and is reportedly being exploited in the wild. The vulnerability, identified as CVE-2024-3273, was disclosed along with a proof-of-concept (PoC) exploit by an individual using the online moniker ‘NetworkSecurityFish’.

The vulnerability impacts several D-Link NAS models, including DNS-340L, DNS-320L, DNS-327L, and DNS-325. It involves hardcoded credentials that allow remote access to the device’s web management interface, as well as a command injection bug. When combined, these flaws enable unauthenticated attackers to execute arbitrary commands on the device, potentially leading to unauthorized access, system configuration changes, or a denial of service (DoS) condition.

D-Link has confirmed the impact on the named models and has advised customers to discontinue using these devices as they have reached end of life (EOL) and will not receive patches. Despite the advisory, exploitation attempts targeting CVE-2024-3273 have been observed by threat intelligence company GreyNoise and the Shadowserver Foundation. The Shadowserver Foundation reported scans and exploits from multiple IPs, indicating potential malicious exploitation attempts.

It is worth noting that the US cybersecurity agency CISA has identified 16 D-Link product vulnerabilities that have been exploited in the wild, highlighting the ongoing threat to D-Link devices. Additionally, NAS devices in general are frequently targeted in malicious attacks, making them a prime focus for threat actors.

NetworkSecurityFish has shared a screenshot from the FOFA search engine, purportedly showing 92,000 results for affected D-Link NAS devices. However, the accuracy of this data remains unclear. Shadowserver’s findings indicate a significantly lower number of internet-exposed devices matching the D-Link models, raising questions about the actual scope of the issue.

The discovery of this unpatched vulnerability and the subsequent exploitation attempts underscore the critical need for proactive security measures and the importance of promptly addressing end-of-life devices to mitigate potential risks. As cybersecurity threats continue to evolve, organizations and individuals must remain vigilant and prioritize the security of their network infrastructure and connected devices.
