The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel

92,000 D-Link Backdoors

Over 92,000 end-of-life D-Link NAS models have a critical flaw in them that allows attackers to backdoor to the devices, leading to unauthorized access to sensitive data. The models include DNS-340L, DNS-320L, DNS-327L, and DNS-325.

Exploiting this involves manipulating the nas_sharing_cgi CGI script, which will result in data theft, denial of service attacks, and other malicious activities. To go a little more in depth in terms of username and password being exposed the problem lies within the request, which includes the user=messagebus and an empty password field, this indicates a backdoor with no authentication required. Attackers can also exploit the “System” parameter within the request to inject their own commands. Chaining these two together on one of these D-Link devices can cause access to sensitive information, system configuration alteration, and denial of service as mentioned before.

D-Link recommends retiring and replacing all affected devices as no patches are coming due to its end-of-life status. Now since the news has spread there have been several reports of attackers trying to find these devices open on the internet and to start attacking them. If you are to continue to use these devices it is recommended to have the latest firmware and update the device’s password to web GUI (Graphical User Interface) and enable wi-fi encryption. Adding another layer of protection, you can add a firewall rule to drop any ingress HTTP/HTTPS requests to the NAS.

Recent Posts

PuTTY SSH Client Flaw

CVE-2024-31497 is a vulnerability in PuTTY versions 0.68 through 0.80. PuTTY is a popular open-source terminal emulator, serial console, and network file transfer application that

Read More »


“Darcula” represents a new breed of Phishing-as-a-Service (PaaS) posing a serious threat to both Apple and Android users. This sophisticated attack leverages encrypted text messages

Read More »
For Emergency Support call: (877) 423-7486
For other support requests or to access your Cerium 1463° portal click here
Stay in the Know

Stay in the Know

Don't miss out on critical security advisories, industry news, and technology insights from our experts. Sign up today!

You have Successfully Subscribed!