A critical security vulnerability, CVE-2024-3273, has been discovered in D-Link Network Attached Storage (NAS) devices, putting over 92,000 internet-facing devices at risk of being easily hacked. Together with CVE-2024-3272, it allows remote code execution (RCE) by chaining a backdoor and command injection. Hackers are actively exploiting these vulnerabilities to take over devices, which can lead to data theft and unauthorized device control. Despite the severity of the issue, D-Link has announced that it will not issue a fix for the affected devices and urges owners to upgrade or disconnect them as soon as possible. Separately, Ansible playbooks have been designed to check and remediate another vulnerability, CVE-2024-3094, known as the XZ Backdoor. A Proof of Concept (PoC) for exploiting CVE-2024-3273 has also been made available, which adds to the urgency for affected users to take action. Reports from Security Affairs, Shadowserver, and The Hacker News emphasize the critical nature of these flaws.
Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks: https://t.co/9wXGR7co71 by The Hacker News #infosec #cybersecurity #technology #news
⚠️ Urgent Alert: Hackers are exploiting vulnerabilities (CVE-2024-3272 and CVE-2024-3273) in D-Link NAS devices. Up to 92,000 devices affected, allowing data theft and device control. https://t.co/XsBNXyjQ7A D-Link won't fix it – upgrade or disconnect ASAP! #hacking #tech
Hackers actively exploit critical remote takeover vulnerabilities in D-Link devices https://t.co/nIE4jWjVZB
We have started to see scans/exploits from multiple IPs for CVE-2024-3273 (vulnerability in end of life D-Link Network Area Storage devices). This involves chaining of a backdoor & command injection to achieve RCE. D-Link announcement: https://t.co/Z3HD9k1nQc
This repository contains a Proof of Concept (PoC) for CVE-2024-3273, a security vulnerability discovered in D-Link NAS devices. https://t.co/Xd0owXVp2X
Over 92,000 Internet-facing D-Link NAS devices can be easily hacked https://t.co/xs5VbnbwOj
Over 92,000 Internet-facing D-Link NAS devices can be easily hacked: https://t.co/fFa6E7opIC by Security Affairs #infosec #cybersecurity #technology #news
D-Link NAS CVE-2024-3273 Exploit Tool https://t.co/Q4ZpIjeDFW
Over 92,000 exposed D-Link NAS devices have a backdoor account https://t.co/qCW4Pt4oHr
Over 92,000 exposed D-Link NAS devices have a backdoor account - @billtoulas https://t.co/eNe6JEnqGb
Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor) https://t.co/HP0FqXI7Jk
CVE-2024-3273: D-Link NAS Vulnerability Threatens 92,000 Devices https://t.co/1Adk3UThvp