
NCERT Issues Cyber Security Advisory on Critical D-Link Vulnerability

The National Computer Emergency Team (NCERT) has issued a cyber security advisory regarding a critical vulnerability found in D-Link devices.

According to the advisory, a critical vulnerability has been identified in multiple D-Link NAS (Network Attached Storage) devices, including models DNS-340L, DNS-320L, DNS-327L, and DNS-325, among others.

The advisory states that this vulnerability, originating from flaws in the “nas_sharing.cgi” URI, involves hardcoded credentials and command injection via the system parameter.

Exploitation of this flaw could result in arbitrary command execution, potentially granting attackers access to sensitive information and system configurations, or causing denial-of-service incidents.

According to the NCERT, the exploitation of this vulnerability poses a significant risk to affected D-Link NAS devices. Attackers could gain unauthorized access, manipulate system settings, or disrupt services, potentially resulting in data breaches or system downtime. Identified as CVE-2024-3273 and CVE-2024-3272, these vulnerabilities affect various D-Link NAS models up to April 3, 2024, with critical severity implications.

The advisory has asked administrators to apply vendor-provided patches to all affected devices as soon as possible, following the instructions provided by D-Link, and to regularly monitor for updates and security advisories from D-Link and other relevant sources.

The advisory has suggested implementing robust network security measures to detect and prevent unauthorized access to vulnerable devices, and restricting network access to affected devices to only essential users and services. It has also asked administrators to consider implementing network segmentation to isolate vulnerable devices from critical infrastructure.
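As an added illustration of the detection recommendation (not part of the NCERT advisory or D-Link's guidance), the script below scans web access logs from a proxy or gateway in front of a NAS for requests to nas_sharing.cgi, rating any that carry a system parameter as high. The log format, the management subnet 10.0.50.0/24, and the sample lines (including the /cgi-bin/ path) are assumptions constructed for the example.

```python
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Common/combined access-log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# Assumption: the only subnet that should ever reach the NAS web interface.
MGMT_NETS = [ipaddress.ip_network("10.0.50.0/24")]

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:  # hostname or garbage in the client field
        return False
    return any(addr in net for net in MGMT_NETS)

def classify(line):
    """Return (severity, src, status) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Decode and lowercase so %-encoding or case changes do not hide the name.
    if not unquote(url.path).lower().endswith("/nas_sharing.cgi"):
        return None
    params = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
    if "system" in params:
        severity = "high"    # the parameter the advisory ties to injection
    elif not is_trusted(m["src"]):
        severity = "medium"  # POST bodies are not logged, so flag any touch
    else:
        return None
    return severity, m["src"], int(m["status"])

# Constructed sample lines (addresses from documentation ranges).
SAMPLE = [
    '10.0.50.7 - - [05/Apr/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [05/Apr/2024:10:00:02 +0000] "GET /cgi-bin/nas_sharing.cgi?system=QUFB HTTP/1.1" 200 40',
    '198.51.100.4 - - [05/Apr/2024:10:00:03 +0000] "POST /cgi-bin/NAS_sharing%2Ecgi HTTP/1.1" 200 0',
    '10.0.50.7 - - [05/Apr/2024:10:00:04 +0000] "GET /cgi-bin/nas_sharing.cgi HTTP/1.1" 200 9',
]

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A 200 status on a high-severity hit means the device answered the request, so that host should be treated as needing investigation and not just blocking.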

NCERT emphasizes the criticality of addressing this vulnerability promptly to mitigate potential risks to organizational assets and data. Network administrators are urged to prioritize these recommendations to ensure the security and integrity of their network infrastructure.

Published by
ProPK Staff