D-Link has issued a rip-and-replace order for its end-of-service NAS devices, which are being actively exploited through critical security vulnerabilities, including a hardcoded backdoor and a command injection bug. The affected models have reached their end-of-service date and will not receive firmware updates or security patches. Users are advised to retire and replace these devices, as exploit attempts are actively targeting them, potentially leading to unauthorized access and putting stored data at risk.
Two critical security flaws affecting legacy D-Link NAS devices have left as many as 92,000 devices vulnerable to malware attacks, with threat actors actively exploiting the vulnerabilities to deliver the Mirai botnet malware. D-Link has no plans to release a patch and advises customers to replace the affected devices, while the Shadowserver Foundation recommends taking the devices offline or firewalling remote access to mitigate potential threats. The findings highlight the evolving tactics of threat actors, with malware-initiated scanning attacks increasingly being used to exploit vulnerabilities in target networks.
Over 92,000 end-of-life D-Link NAS devices are being actively targeted by attackers exploiting a critical remote code execution (RCE) zero-day flaw, resulting from a backdoor and command injection issue. The vulnerability allows threat actors to deploy Mirai malware variants, potentially leading to unauthorized access, data modification, or denial of service. D-Link has stated that these devices are no longer supported and recommends retiring or replacing them, although it has also advised owners to ensure the devices have the latest firmware.
Hackers are actively exploiting critical vulnerabilities in 92,000 D-Link network-attached storage devices, which can be remotely taken over by sending malicious commands through simple HTTP traffic. D-Link has no plans to patch the vulnerabilities in end-of-life devices, leaving them unsupported. The vulnerabilities, found in the nas_sharing.cgi programming interface, allow for remote takeover and have severity ratings of 9.8 and 7.3. The best defense is to replace end-of-life hardware or ensure it's running the most recent firmware, and to disable UPnP and remote Internet connections unless necessary and properly configured.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified and patched eight actively exploited vulnerabilities, including six affecting Samsung smartphones and two impacting D-Link devices. The flaws in Samsung devices may have been used by a commercial spyware vendor in targeted attacks, while the D-Link vulnerabilities were leveraged by threat actors associated with a Mirai botnet variant. Federal agencies are required to apply necessary fixes by July 20, 2023, to protect their networks.