CVE-2024-3272 Scanner

CVE-2024-3272 Scanner - Backdoor vulnerability in D-Link Network Attached Storage

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 18 days 8 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

D-Link Network Attached Storage devices, like DNS-320L, DNS-325, DNS-327L, and DNS-340L, are commonly used in homes and small businesses for data sharing and backup purposes. They allow users to access and share files across a network, facilitating collaborative work environments. These devices offer built-in file management and security features and are connected to a network, providing a centralized data storage solution. The devices are designed for ease of use, with web-based interfaces for administration and configuration. D-Link NAS devices are popular due to their reliability and affordability. They support multiple users, making them suitable for data storage and sharing in environments requiring access control and data security.

A backdoor vulnerability in D-Link Network Attached Storage allows unauthorized remote access to the system. This critical security flaw is found in DNS-320L, DNS-325, DNS-327L, and DNS-340L models. The vulnerability originates from a weakness in the HTTP GET Request Handler, specifically impacting the file /cgi-bin/nas_sharing.cgi. Affected devices may expose sensitive functions or data to attackers, bypassing normal authentication controls. The misuse of this vulnerability can lead to unauthorized account access using hard-coded credentials. Identifying this vulnerability is important for ensuring device security and maintaining data integrity.

The technical root of the vulnerability lies within the HTTP GET Request Handler of certain D-Link NAS devices, in the processing of requests to /cgi-bin/nas_sharing.cgi. By setting the 'user' argument to 'messagebus', an attacker makes the device use hard-coded credentials, which bypasses the normal authentication layers and grants unauthorized access. The vulnerability is detectable from the HTTP response: specific status codes and response patterns serve as markers confirming that unauthorized access has been granted.
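
An added example, not part of the scanner or the original page: a check a defender could run over web or reverse-proxy access logs in front of these devices to find requests to /cgi-bin/nas_sharing.cgi with user=messagebus. The combined access-log layout, the reading of status 200 as "served", and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, unquote

# Path and parameter value as named in the description above.
BACKDOOR_PATH = "/cgi-bin/nas_sharing.cgi"
BACKDOOR_USER = "messagebus"

# Assumption: logs are in the common/combined access-log layout.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return a finding dict for a request to the backdoor endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw_path, _, query = m["target"].partition("?")
    # Normalise percent-escapes and repeated slashes before comparing.
    path = re.sub(r"/+", "/", unquote(raw_path))
    if path != BACKDOOR_PATH:
        return None
    # parse_qs percent-decodes values and keeps every repeated 'user' key.
    if BACKDOOR_USER not in parse_qs(query).get("user", []):
        return None
    status = int(m["status"])
    # Assumption: 200 means the device served the request; other codes
    # (blocked, patched, not found) are recorded as attempts.
    return {"src": m["src"], "time": m["ts"], "status": status,
            "verdict": "served" if status == 200 else "attempt"}

def scan(lines):
    """Classify every line and return only the findings."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Apr/2024:03:14:07 +0000] "GET /cgi-bin/nas_sharing.cgi?user=messagebus HTTP/1.1" 200 112 "-" "-"',
    '203.0.113.9 - - [10/Apr/2024:03:15:40 +0000] "GET /cgi-bin/nas_sharing.cgi?user=%6Dessagebus HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.15 - - [10/Apr/2024:03:16:02 +0000] "GET /cgi-bin/nas_sharing.cgi?user=admin HTTP/1.1" 200 64 "-" "-"',
    '192.0.2.15 - - [10/Apr/2024:03:16:09 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "served" finding against one of the affected models is a reason to pull the device off the network and review it, since the request reached the handler and was answered.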

Exploiting this backdoor vulnerability can have dire consequences. An attacker could potentially gain administrative access to the device and execute arbitrary commands. This access could lead to data theft, unauthorized data manipulation, or system compromise. The integrity and confidentiality of data stored on the NAS devices are put at risk, potentially affecting all connected users. Systems could be rendered inoperable, depriving users of critical data access at key times. Unauthorized access could also facilitate broader network attacks, impacting other systems and devices within the network environment.
