D-Link has no plans to patch a critical command injection vulnerability discovered in its legacy network-attached storage (NAS) systems. Instead, the manufacturer recommends that owners of affected devices switch to newer models that are not affected by this issue.


The vulnerability in question is CVE-2024-10914, which received a critical severity rating of 9.2 points and was discovered by Netsecfish specialists. It is present in the account_mgr.cgi script, where an attacker can craft the name parameter to trigger command injection. In other words, an unauthenticated user can inject arbitrary shell commands by sending HTTP GET requests to the affected device.

According to the report, the problem affects several D-Link network storage models: DNS-320 version 1.00, DNS-320LW version 1.01.0914.2012, DNS-325 version 1.01 and DNS-340L version 1.08. The bad news for users of these devices is that D-Link does not intend to release a patch for the vulnerability, because all affected NAS devices have reached the end of their support period and no longer receive software updates.

The manufacturer recommends that owners of affected NAS devices move to more current models as soon as possible. Those who cannot do this quickly should isolate their devices from the Internet or set stricter access rules for them. You can also try to find alternative firmware from third-party developers, but in this case, before downloading it, you should make sure that the firmware is reliable and secure.
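For devices that must stay in service behind stricter access rules, the following added example (not code from D-Link or Netsecfish) scans web access logs for GET requests to account_mgr.cgi whose name parameter contains anything outside a plain account name. It assumes combined-format logs from a proxy or gateway in front of the NAS; the allowlist pattern, the request path prefix and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate account name uses only these characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,32}")
# Source address and request line of a combined-format access log entry.
REQUEST = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Nov/2024:10:01:02 +0000] '
    '"GET /account_mgr.cgi?name=alice HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Nov/2024:10:05:41 +0000] '
    '"GET /account_mgr.cgi?name=bob%3Buname HTTP/1.1" 200 498',
    '198.51.100.23 - - [12/Nov/2024:10:06:13 +0000] '
    '"GET /account_mgr.cgi?name=%24%28id%29 HTTP/1.1" 200 0',
    '192.0.2.10 - - [12/Nov/2024:10:07:00 +0000] '
    '"GET /index.html HTTP/1.1" 200 1024',
]


def suspicious_requests(log_lines):
    """Return (source, decoded name) for GETs to account_mgr.cgi with an unsafe name."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/account_mgr.cgi"):
            continue
        # parse_qs percent-decodes values, so encoded metacharacters are caught too.
        for name in parse_qs(url.query, keep_blank_values=True).get("name", []):
            if not SAFE_NAME.fullmatch(name):
                hits.append((m["src"], name))
    return hits


if __name__ == "__main__":
    for src, name in suspicious_requests(SAMPLE_LOG):
        print(f"{src}: unexpected name value {name!r}")
```

Any hit from an address outside the management network indicates the device is reachable by untrusted clients and the access rules need tightening.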
