
D-Link NAS Backdoor Account RCE (CVE-2024-3273, CVE-2024-3272)

Description

Multiple critical vulnerabilities affect various D-Link NAS models that have reached end-of-life status. CVE-2024-3272 exposes a hardcoded backdoor account that allows attackers to bypass authentication entirely. CVE-2024-3273 is a command injection vulnerability that, when chained with the backdoor account, enables remote code execution. Together, these flaws allow unauthenticated remote attackers to gain complete administrative control over affected devices.

Remediation

Immediately discontinue use of affected D-Link NAS devices, as they have reached end-of-life status and will not receive security patches. Replace these devices with currently supported NAS models from reputable vendors that receive regular security updates. If immediate replacement is not possible, implement the following temporary mitigations:

1. Disconnect affected devices from the internet and, using firewall rules, restrict network access to trusted IP addresses only.
2. Place devices on an isolated network segment with no access to sensitive systems or data.
3. Monitor device logs for suspicious authentication attempts or command execution.
4. Back up all critical data to a separate, secure storage solution.

Plan for permanent replacement as soon as feasible, as temporary mitigations cannot fully protect against these vulnerabilities.
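The first two mitigations above, as an added example that is not part of the advisory: a shell function that emits an nftables ruleset confining a legacy NAS to a short list of trusted sources. It assumes the NAS sits behind a Linux gateway that forwards its traffic; the address 192.0.2.10 and the trusted hosts used in the sanity check are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the advisory). Emit, rather than apply, an nftables
# ruleset so it can be reviewed before loading with `nft -f`.
# Arguments: NAS address, then a space-separated list of trusted addresses/CIDRs.
nas_ruleset() {
    nas_ip="$1"
    trusted="$2"
    # Turn "a b/24" into the nft set literal members "a, b/24"
    set_members=$(printf '%s' "$trusted" | tr ' ' ',' | sed 's/,/, /g')
    cat <<EOF
table inet nas_guard {
    set trusted_sources {
        type ipv4_addr
        flags interval
        elements = { ${set_members} }
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        # Replies to flows that were already permitted
        ct state established,related accept
        # Only trusted hosts may open connections to the NAS
        ip daddr ${nas_ip} ip saddr @trusted_sources accept
        # Everything else aimed at the NAS is logged and dropped
        ip daddr ${nas_ip} log prefix "nas_guard drop: " drop
        # The NAS may not initiate connections outside the trusted set
        ip saddr ${nas_ip} ip daddr != @trusted_sources log prefix "nas_guard egress: " drop
    }
}
EOF
}

# Sanity check helper: number of accept rules that target the NAS address
nas_ruleset_accept_count() {
    nas_ruleset "$1" "$2" | grep -c "ip daddr $1 .*accept"
}
```

The log prefixes give the gateway a single line per blocked attempt, which covers the third mitigation for traffic the NAS never sees.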
