D-Link Refuses To Patch ~60,000 Venerable NAS Devices

Source: Bleeping Computer

Time To Toss Out Some D-Link NAS Devices

Four D-Link NAS devices, the DNS-320 Version 1.00, DNS-320LW Version 1.01.0914.2012, DNS-325 Version 1.01 and Version 1.02, and DNS-340L Version 1.08, all have a serious vulnerability.  Sadly, since they are rather elderly, D-Link has decided it will not release a patch to fix the issue, so its customers' best choice is to toss them out.  These devices are more commonly found in small businesses than in homes, which will cause a lot of frustration for customers and employees alike.

The vulnerability has a 9.2 severity score and allows an attacker to inject arbitrary shell commands by sending specially crafted HTTP GET requests to the devices.  D-Link no longer makes NAS devices, which is the main reason for its choice not to patch these old products.  If there is any bright spot to this, it is that you won’t have to worry about ending up with another dodgy D-Link NAS device, as they don’t sell them anymore.

If you can’t immediately replace the device, you’d best take it offline before a simple curl command starts running code neither you nor your customers want running on a device that holds private data.

The flaw, tracked as CVE-2024-10914, has a critical 9.2 severity score and is present in the ‘cgi_user_add’ command where the name parameter is insufficiently sanitized.
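For anyone who has to leave one of these boxes running until a replacement arrives, the access logs of the device or of a proxy in front of it can be checked for GET requests that call cgi_user_add with an unusual name value. The following is an added example, not code from D-Link or the source article; the log format, the name allowlist, the sample lines and the placeholder path and parameter names in them are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the server or an upstream proxy writes Common/Combined Log Format.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: legitimate account names use only these characters.
SAFE_NAME = re.compile(r'[A-Za-z0-9_.-]{1,32}')
COMMAND = "cgi_user_add"  # command name given in the article


def suspicious_user_add(line):
    """Return (source, decoded name) when the line is a GET that invokes
    cgi_user_add with a name outside the allowlist, otherwise None."""
    m = REQUEST_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    # parse_qs percent-decodes values, so encoded characters are seen as sent.
    params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    # Assumption: the command appears as the value of some query parameter.
    if not any(COMMAND in values for values in params.values()):
        return None
    for name in params.get("name", []):
        if not SAFE_NAME.fullmatch(name):
            return m["src"], name
    return None


def scan(lines):
    """Collect every suspicious hit from an iterable of log lines."""
    return [hit for hit in map(suspicious_user_add, lines) if hit]


# Constructed sample lines; EXAMPLE.cgi, cmd and cgi_get_info are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Nov/2024:10:01:00 +0000] "GET /cgi-bin/EXAMPLE.cgi?cmd=cgi_user_add&name=alice HTTP/1.1" 200 120',
    '203.0.113.7 - - [12/Nov/2024:10:02:13 +0000] "GET /cgi-bin/EXAMPLE.cgi?cmd=cgi_user_add&name=a%3Bb HTTP/1.1" 200 0',
    '203.0.113.7 - - [12/Nov/2024:10:02:14 +0000] "GET /cgi-bin/EXAMPLE.cgi?cmd=cgi_get_info&name=a%3Bb HTTP/1.1" 200 0',
    '198.51.100.4 - - [12/Nov/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for src, name in scan(SAMPLE_LOG):
        print(f"ALERT {src} sent cgi_user_add with name={name!r}")
```

Any hit from an address outside the administrators' own network is a reason to pull the device immediately and review what it stores.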

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
