A critical vulnerability (CVE-2024-10914) has been discovered in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L Network Attached Storage (NAS) devices running firmware versions up to 20241028. It is classified as critical because it can allow an attacker to execute arbitrary operating system (OS) commands, which could enable unauthorized access, data exfiltration, or denial of service. The attack can be initiated remotely, and the complexity of an attack is high.
Vulnerability Details
The vulnerability resides in the cgi_user_add function, which is reached through /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. A successful exploit can occur when an attacker manipulates the "name" argument, leading to operating system command injection.
Here's a sample request that demonstrates the vulnerability:
POST /cgi-bin/account_mgr.cgi
Content-Type: application/x-www-form-urlencoded
Content-Length: 56

cmd=cgi_user_add&name=;evil_command;&password=test1234;
In this request, the attacker tries to add a new user through the cgi_user_add function while injecting an "evil_command" into the "name" argument. The value is wrapped in ";" characters, which a shell treats as command separators, so this can potentially lead to arbitrary OS command execution.
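A detection check for the request shape described above, as an added example that is not part of the original advisory or D-Link's code. It flags cgi_user_add requests whose "name" value falls outside an allowlist; the allowlist pattern, the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

CGI_PATH = "/cgi-bin/account_mgr.cgi"  # endpoint named in the advisory
CGI_CMD = "cgi_user_add"               # vulnerable handler named in the advisory
# Assumption: legitimate account names are 1-32 chars of letters, digits, '.', '_', '-'.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,32}")


def suspicious_user_add(url, body=""):
    """Return every 'name' value that fails the allowlist in a cgi_user_add request.

    Parameters from the query string and the form body are merged, and
    percent-encoding is decoded before the check, so an encoded ';' is caught too.
    """
    parts = urlsplit(url)
    if parts.path != CGI_PATH:
        return []
    # separator="&" keeps ';' inside the value instead of treating it as a delimiter.
    params = parse_qs(parts.query, keep_blank_values=True, separator="&")
    for key, values in parse_qs(body, keep_blank_values=True, separator="&").items():
        params.setdefault(key, []).extend(values)
    if CGI_CMD not in params.get("cmd", []):
        return []
    return [n for n in params.get("name", []) if not SAFE_NAME.fullmatch(n)]


# Constructed sample requests as (url, body) pairs; the first body is the one shown above.
SAMPLES = [
    ("/cgi-bin/account_mgr.cgi", "cmd=cgi_user_add&name=;evil_command;&password=test1234;"),
    ("/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%3Bevil_command%3B", ""),
    ("/cgi-bin/account_mgr.cgi", "cmd=cgi_user_add&name=backup_user&password=test1234"),
    ("/cgi-bin/account_mgr.cgi", "cmd=hypothetical_other_cmd&name=;evil_command;"),
]


def scan(requests):
    """Return (url, offending_names) for each request that should raise an alert."""
    hits = []
    for url, body in requests:
        bad = suspicious_user_add(url, body)
        if bad:
            hits.append((url, bad))
    return hits


if __name__ == "__main__":
    for url, bad in scan(SAMPLES):
        print("ALERT", url, bad)
```

An allowlist is used rather than a list of known-bad characters, so any value that is not a plain account name raises an alert without the rule having to enumerate shell syntax.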
Exploit Details
Though the exploitation of this vulnerability seems difficult, the exploit has already been disclosed to the public, and it may be used by threat actors. Users of these D-Link NAS devices are strongly advised to apply the latest firmware update to mitigate the risk of any potential exploitation.
Mitigation
D-Link has reportedly acknowledged this vulnerability, and it is expected that a firmware update addressing the issue will be made available soon. NAS users should monitor the D-Link Support website for updates and apply any released patches promptly.
Conclusion
The recent discovery of this critical vulnerability in multiple D-Link NAS devices underlines the importance of employing robust security measures and maintaining updated firmware. As attackers continue to target IoT devices and network appliances, it's crucial for both users and vendors to stay informed and proactive in combating security threats.
Timeline
Published on: 11/06/2024 14:15:05 UTC
Last modified on: 11/24/2024 15:15:06 UTC