News + Trends

Best to switch off immediately: Older D-Link NAS models at risk

12.4.2024

Translation: machine translated

A total of 20 NAS models from D-Link are currently under active attack. The affected models are no longer receiving security updates. The manufacturer is therefore proposing that they be taken out of service and replaced.

On 26 March, a third-party security research provider drew D-Link's attention to the fact that some of its older NAS models had two security vulnerabilities. Thanks to these, third parties can gain access to the network storage devices via the internet using an exploit.

The worst thing about this is that it is sufficient if port forwarding is defined for one of the affected NAS. In other words, if the NAS web interface can be accessed from the internet. A password is not required for access. After all, the exploit only affects older products that have already reached their end of life (EOL). What's worse is that they no longer receive updates as a result.

Affected devices have increased fivefold overnight

After D-Link was informed about the security vulnerabilities, the company announced on 4 April that four devices were affected (DNS-340L, DNS-320L, DNS-327L and DNS-325). The backdoors are loopholes that enable command injection and backdoor account attacks. The attack only requires the victim's IP address, some knowledge and a CGI script, which ultimately enables the execution of arbitrary shell commands.

D-Link has now updated the list of affected systems overnight. A total of 20 devices have been affected since 12 April. The company advises anyone with a device affected to take it out of service and replace it.

Here is the list of all models that should no longer be used: