Security News > 2024 > April > Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks
2024-04-09 05:46
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in
News URL
https://thehackernews.com/2024/04/critical-flaws-leave-92000-d-link-nas.html
Related news
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-04 | CVE-2024-3273 | Unspecified vulnerability in Dlink products ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. | 9.8 |
| 2024-04-04 | CVE-2024-3272 | Unspecified vulnerability in Dlink products ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. | 9.8 |