PT-2024-2666 · D-Link · D-Link DNS-327L +3 · Netsecfish
Published 2024-04-03 · Updated 2026-02-19
CVE-2024-3273 · CVSS v3.1 10 Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
D-Link DNS-320L versions 1.00.0409.2013 through 1.11
D-Link DNS-325 versions 1.01
D-Link DNS-327L versions 1.00.0409.2013 through 1.09
D-Link DNS-340L versions 1.08
Description
A critical vulnerability was found in D-Link NAS devices, allowing remote code execution through a combination of a hardcoded account and command injection via the system parameter. The vulnerability exists in the /cgi-bin/nas_sharing.cgi script and affects the HTTP GET request handler component. Over 92,000 internet-facing devices are potentially affected. The issue has been exploited in the wild, and users are advised to replace their devices as they have reached the end of their lifespan.
Recommendations
For D-Link DNS-320L version 1.11 and earlier: Replace the device with a newer model.
For D-Link DNS-325 version 1.01: Replace the device with a newer model.
For D-Link DNS-327L version 1.09 and earlier: Replace the device with a newer model.
For D-Link DNS-340L version 1.08: Replace the device with a newer model.
As a temporary workaround, consider disabling the /cgi-bin/nas_sharing.cgi script until a replacement device is available. Restrict access to the device and use unique passwords to minimize the risk of exploitation.
Exploit
Fix
Command Injection
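A defender-side check that follows from the description above, added here as an example (it is not from the advisory or from D-Link): it scans web-server access logs for requests that reach /cgi-bin/nas_sharing.cgi and flags those carrying a `system` parameter. The Combined Log Format, the constructed sample lines and the placeholder query value are assumptions.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Path of the vulnerable handler named in the advisory (CVE-2024-3273).
VULN_PATH = "/cgi-bin/nas_sharing.cgi"
# Query parameter through which the advisory says commands are injected.
VULN_PARAM = "system"

# Combined Log Format (assumed): client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify_request(target: str) -> Optional[str]:
    """Return 'exploit_attempt', 'handler_access' or None for one request target."""
    parts = urlsplit(target)
    # Normalise percent-encoding and case so trivial path obfuscation does not evade the check.
    path = unquote(parts.path).lower()
    if path != VULN_PATH:
        return None
    # keep_blank_values: an empty 'system=' still means the parameter was supplied.
    params = parse_qs(parts.query, keep_blank_values=True)
    if VULN_PARAM in params:
        return "exploit_attempt"
    return "handler_access"

def scan_access_log(text: str) -> list:
    """Return one finding dict per log line that touches the vulnerable handler."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        verdict = classify_request(m["target"])
        if verdict:
            findings.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                             "status": int(m["status"]), "verdict": verdict})
    return findings

# Constructed sample log lines (not real traffic); the query value is a placeholder.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Apr/2024:10:15:01 +0000] "GET /cgi-bin/nas_sharing.cgi?system=PLACEHOLDER HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.2 - - [03/Apr/2024:10:15:05 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Apr/2024:10:16:11 +0000] "GET /cgi-bin/NAS_SHARING.CGI HTTP/1.1" 404 128 "-" "python-requests/2.31"
"""

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Any `exploit_attempt` finding on a device that is still in service is a reason to isolate it; `handler_access` hits show the script is reachable and the workaround of disabling it has not taken effect.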
Affected Products
D-Link DNS-320
D-Link DNS-325
D-Link DNS-327L
D-Link DNS-340L