If you’re using a D-Link NAS equipment, disconnect it from the internet.
D-Link NAS devices are vulnerable to remote takeover and arbitrary code execution.
This problem will never be fixed, as D-Link stopped supporting its NAS devices “many years” ago.
Andrew Heinzman / How-To Geek
The D-Link NAS flaw, tracked asCVE-2024-3273, was discovered by cybersecurity researcher Netsecfish.
Netsecfish performed a online grid scan to see how many D-Link NAS devices are exposed to the internet.
The headcount is approximately 92,000.
Researchers at Greynoise say that hackersare now attemptingto exploit the CVE, and D-Link has publishedan advisoryfor affected customers.
The following gadget models are affected by this CVE:
D-Link doesn’t manufacture NAS devices anymore.
Its NAS products reached End-of-Life and End-of-Service several years ago.
As for why Netsecfish chose to publicize this vulnerabilitywell, in this case, it’s standard practice.
The unfortunate side effect is that hackers are now aware of this issue, too.
