** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
The vulnerability exists in the /cgi-bin/nas_sharing.cgi file, which handles HTTP GET requests. Manipulation of the 'user' parameter with the value 'messagebus' allows exploitation of hard-coded credentials embedded in the device's software. The attack does not require authentication, user interaction, or special privileges and can be carried out remotely over the network. An exploit has been publicly released and is actively being exploited.
An attacker can gain unauthorized, full access to the device, threatening the confidentiality, integrity, and availability of stored data and the entire system. It is possible to take control of the NAS device without knowledge of any legitimate credentials.
D-Link manufacturer officially confirmed the end-of-life status of these devices and does not plan to release a patch. It is recommended to immediately withdraw devices from operation and replace them with supported models. As a temporary measure, devices should be isolated from the public network, access to the nas_sharing.cgi service port should be blocked at the firewall level, and access should be restricted only to trusted hosts on the internal network.
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L in all firmware versions up to and including 20240403. The manufacturer confirmed that these products have reached end-of-life status and are no longer supported.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dnr 202l
HWDlinkwszystkie wersjeDlink Dnr 202l Firmware
OSDlinkwszystkie wersjeDlink Dnr 322l
HWDlinkwszystkie wersjeDlink Dnr 322l Firmware
OSDlinkwszystkie wersjeDlink Dnr 326
HWDlinkwszystkie wersjeDlink Dnr 326 Firmware
OSDlinkwszystkie wersjeDlink Dns 1100 4
HWDlinkwszystkie wersjeDlink Dns 1100 4 Firmware
OSDlinkwszystkie wersjeDlink Dns 120
HWDlinkwszystkie wersjeDlink Dns 1200 05
HWDlinkwszystkie wersjeDlink Dns 1200 05 Firmware
OSDlinkwszystkie wersjeDlink Dns 120 Firmware
OSDlinkwszystkie wersjeDlink Dns 1550 04
HWDlinkwszystkie wersjeDlink Dns 1550 04 Firmware
OSDlinkwszystkie wersjeDlink Dns 315l
HWDlinkwszystkie wersjeDlink Dns 315l Firmware
OSDlinkwszystkie wersjeDlink Dns 320
HWDlinkwszystkie wersjeDlink Dns 320 Firmware
OSDlinkwszystkie wersjeDlink Dns 320l
HWDlinkwszystkie wersjeDlink Dns 320l Firmware
OSDlink1.01.0702.20131.03.0904.20131.11Dlink Dns 320lw
HWDlinkwszystkie wersjeDlink Dns 320lw Firmware
OSDlinkwszystkie wersjeDlink Dns 321
HWDlinkwszystkie wersjeDlink Dns 321 Firmware
OSDlinkwszystkie wersjeDlink Dns 323
HWDlinkwszystkie wersjeDlink Dns 323 Firmware
OSDlinkwszystkie wersjeDlink Dns 325
HWDlinkwszystkie wersjeDlink Dns 325 Firmware
OSDlink1.01Dlink Dns 326
HWDlinkwszystkie wersjeDlink Dns 326 Firmware
OSDlinkwszystkie wersje
CISA KEV — detailsi
- Vendori
- D-Link
- Producti
- Multiple NAS Devices
- Added to KEVi
- April 11, 2024
- Remediation deadline (US Federal)i
- May 2, 2024(overdue)
This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution.
Related vulnerabilities
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which...
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
Command injection w D-Link DNS-343 ShareCenter – zdalny dostęp root
Command injection w D-Link DNS-320/325/340L — zdalne wykonanie poleceń OS
Command injection w D-Link DNS-320/325/340L przez parametr group