Security News > 2024 > April > Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks
2024-04-09 05:46
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in
News URL
https://thehackernews.com/2024/04/critical-flaws-leave-92000-d-link-nas.html
Related news
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-04 | CVE-2024-3273 | Unspecified vulnerability in Dlink products ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. | 9.8 |
| 2024-04-04 | CVE-2024-3272 | Unspecified vulnerability in Dlink products ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. | 9.8 |