NCERT Issues Cyber Security Advisory on Critical D-Link Vulnerability

The National Computer Emergency Team (NCERT) has issued a cyber security advisory regarding D-Link Critical Vulnerability found in D-Link Devices.

According to the advisory, a critical vulnerability has been identified in multiple D-Link NAS (Network Attached Storage) devices, including models DNS-340L, DNS-320L, DNS-327L, and DNS-325, among others.

According to the advisory, this vulnerability, originating from flaws within the “nas_sharing.cgi uri,” involves hardcoded credentials and a command injection vulnerability via the system parameter.

Exploitation of this flaw could result in arbitrary command execution, potentially granting attackers access to sensitive information, and system configurations, or causing denial of service incidents.

According to the NCERT, the exploitation of this vulnerability poses a significant risk to affected D-Link NAS devices. Attackers could gain unauthorized access, manipulate system settings, or disrupt services, potentially resulting in data breaches or system downtime. Identified as CVE-2024-3273 and CVE-2024-3272, these vulnerabilities affect various D-Link NAS models up to April 3, 2024, with critical severity implications.

The advisory has asked the administrators to apply vendor-provided patches to all affected devices as soon as possible, following the instructions provided by D-Link and regularly monitoring for updates and security advisories from D-Link and other relevant sources.

The advisory has suggested implementing robust network security measures to detect and prevent unauthorized access to vulnerable devices and restrict network access to affected devices to only essential users and services. It has also asked the administrators to consider implementing network segmentation to isolate vulnerable devices from critical infrastructure.

NCERT emphasizes the criticality of addressing this vulnerability promptly to mitigate potential risks to organizational assets and data. Network Administrators are urged to prioritize these recommendations to ensure the security and integrity of their network infrastructure

Follow ProPakistani on Google News & scroll through your favourite content faster!

Support independent journalism

If you want to join us in our mission to share independent, global journalism to the world, we’d love to have you on our side. If you can, please support us on a monthly basis. It takes less than a minute to set up, and you can rest assured that you’re making a big impact every single month in support of open, independent journalism. Thank you.

Get Alerts

Follow ProPakistani to get latest news and updates.

ProPakistani Community

Join the groups below to get latest news and updates.