Published: April 9, 2024

Overview

A command injection vulnerability and a backdoor account have been discovered in D-Link NAS devices DNS-340L, DNS-320L, DNS-327L, and DNS-325, among others. Attackers are able to compromise a large number of devices that are in need of immediate attention. 

Impact

Attackers will be able to get unauthorized access to devices without proper authentication due to the presence of the backdoor. The attacker will also be able to execute arbitrary commands on the system. 

Applicable Versions

Affected VersionsNot Affected Versions
DNS-320L Version 1.11, Version 1.03.0904.2013, Version 1.01.0702.2013 

DNS-325 Version 1.01 

DNS-327L Version 1.09, Version 1.00.0409.2013 

DNS-340L Version 1.08 		These products have reached EOL/EOS and you must contact D-Link support. 

Mitigations and Workarounds

Since the DNS-320L, DNS-325, DNS 327L and DNS-340 have reached end of life and end of support, you must contact D-Link support to get a solution. 

Best Practices

Install security updates for all the devices in the network. Upgrade or replace the systems before end of support. 

Netsurion Detection and Response

Netsurion’s vulnerability management system is working with the vendors to update the vulnerability scanners to detect for customers who have subscribed to Netsurion Vulnerability Management. 

References:

Cybersecurity Updates
Latest Advisory Alerts

Palo Alto PAN-OS Command Injection Vulnerability

D-Link NAS Command Injection Vulnerability

VMware ESXi, Workstation, and Fusion Vulnerabilities

Latest Data Source Integrations

AWS Key Management Service (KMS)

Have I Been Pwned

SentinelOne

Latest Enhancements

Netsurion Open XDR Now Supports PCI DSS 4.0

Extended Data Source Integrations and Alerts Released for Essentials

Enriched Application Control in Open XDR 9.4