Security News > 2024 > April > Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks
2024-04-09 05:46
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in
News URL
https://thehackernews.com/2024/04/critical-flaws-leave-92000-d-link-nas.html
Related news
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
- D-Link won’t fix critical flaw affecting 60,000 older NAS devices (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- D-Link won’t fix critical bug in 60,000 exposed EoL modems (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-04 | CVE-2024-3273 | Unspecified vulnerability in Dlink products ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. | 9.8 |
2024-04-04 | CVE-2024-3272 | Unspecified vulnerability in Dlink products ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. | 9.8 |