Yesterday, some researchers active in the context of cybersecurityhave identified some attempted attacks against devices D-Link.
Cybercriminals, it seems, are acting by exploiting an exploit, discovered a couple of weeks ago, which would make them extremely vulnerable 92.000 NAS produced by the aforementioned brand.
According to the findings, cybercriminals exploit the vulnerability to send malicious commands through HTTP traffic. What also makes the situation particularly delicate is the fact that D-Link has no intention of correcting the exploit.
Apparently, in fact, the devices are no longer supported by the manufacturer as they are considered too dated.
D-Link will not offer a patch to fix these two dangerous vulnerabilities
One of the companies that identified the malicious campaign, viz Greynoisedescribed the main phases of the attack.
This would have happened on Sunday night (02:17 UTC), with an attempt to download and install various malware by the hackers involved in the attack.
According to what experts reported, there would theoretically be two vulnerabilities and they would offer everything cybercriminals need to create real disasters. The first exploit, known as CVE-2024-3272presents itself with a score of severity of 9.8 on a scale of 10 and it’s one backdoor. The second vulnerability identified, i.e CVE-2024-3273instead has a severity level of 7.3.
In simple words, according to what the experts describe, it would be enough to obtain full access to the devices simply by sending a series of HTTP requests. A very delicate situation,
What devices are at risk?
As reported by D-Link itself, the models considered at risk are:
- DNS-320L
- DNS-325
- DNS-327L
- DNS-340L
The aforementioned devices would be considered at the end of their life cycle, depending on the individual model, with an expiry date dal 2017 al 2020. The company, as well as experts, recommend deactivating the affected products and replacing them with newer ones.