Hanging on to older hardware comes with risk, and not just that it’ll eventually wear out. Security holes can be found years after launch, leaving devices at risk if the manufacturer no longer supports them. And, unfortunately, some owners of older D-Link network-attached storage (NAS) units are now in this exact position—two newly uncovered vulnerabilities allow attackers to remotely take over affected NAS models, then download and install malware on them.
As reported by Ars Technica, this exploit was discovered two weeks ago by security researcher netsecfish. On Monday, the information was publicly released to warn impacted owners, as D-Link will not be issuing firmware updates to patch the vulnerabilities—and security organizations like GreyNoise and Shadowserver began observing use of the exploit early Sunday universal time (UTC). D-Link has also issued its own advisory summarizing the situation.
The more serious vulnerability (CVE-2024-3272) is a backdoor account accessible through credentials baked into the NAS unit’s firmware. It has a severity rating of 9.8 out of 10, which is considered critical. The other is a command-injection flaw, which allows any command to be run on the device by performing an HTTP GET request, the kind of request remote devices use to ask a queried device for information. An attacker can use these two vulnerabilities in combination to hijack an affected D-Link NAS, and then install malware. So far, about eight different strains of malware have been spotted in infection attempts.
Currently, about 92,000 D-Link NAS units have been found to be vulnerable, spanning models DNS-320L, DNS-325, DNS-327L, and DNS-340L across all regions where they were sold. Because these have been classified as end-of-service and no new firmware will be released, D-Link is advising owners to stop use and replace their NAS as a remedy.
If you have one of the NAS units in question but can’t immediately upgrade to a new one, your next best option is to disable remote access from the internet, as well as the Universal Plug and Play (UPnP) protocol. UPnP helps facilitate easier connectivity on your home network, but it can be manipulated by bad actors to attack your devices. Also confirm you’re running the latest firmware for your NAS model. It won’t help protect against this exploit, but at least you won’t be vulnerable to already-patched issues. And should you be concerned your NAS is already infected, you can run an antivirus scan on its drives, provided your software supports network scanning. Taking a pass at a network drive isn’t always efficient (especially if you have tons of files), but it’s possible.