D-Link Multiple Devices Attack

Released: May 23, 2024


Severity: High

Platform: Routers

Vendor: D-Link


Actively Targeted in the Wild

Multiple D-Link device vulnerabilities are being actively targeted. Many of the affected routers and NAS devices are end-of-life (EOL) D-Link devices that do not have any patches available.

Background

D-Link DIR-600 routers contain a Cross-Site Request Forgery (CSRF) vulnerability (CVE-2014-100005) that allows an attacker to change router configurations by hijacking an existing administrator session. CVE-2021-40655 is an information disclosure vulnerability in D-Link DIR-605 routers that allows attackers to obtain a username and password by forging a POST request. D-Link Go-RT devices are affected by a buffer overflow vulnerability (CVE-2022-37055). CVE-2024-3272 relies on a user account that is present by default on all the impacted D-Link NAS models; these NAS devices use hard-coded credentials. CVE-2024-3273 allows remote command injection on impacted D-Link NAS devices. Combining CVE-2024-3273 with CVE-2024-3272 makes it possible to send commands remotely without any authentication. This makes the attack very dangerous, because attackers could steal sensitive data on these NAS devices and further use it for ransomware attacks.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


Fortinet customers remain protected via the IPS signatures available for all the vulnerabilities. FortiGuard Labs continues to see widespread attack attempts targeting these vulnerabilities. The vendor recommends that D-Link devices that have reached EOL/EOS be retired and replaced, as there are no patches available for them. Users are advised to visit the D-Link website, determine whether their product is affected, and follow vendor guidelines for mitigating risks. Please see the references section for more information.

  • May 24, 2024: FortiGuard Labs observed attack attempts targeting CVE-2022-37055 on up to 20,000+ unique IPS devices.

  • May 22, 2024: FortiGuard Labs observed attack attempts targeting CVE-2024-3273 and CVE-2024-3272 on up to 30,000+ unique IPS devices.

  • May 16, 2024: CISA added CVE-2014-100005 and CVE-2021-40655 to its Known Exploited Vulnerabilities (KEV) catalog.

  • April 11, 2024: CISA added CVE-2024-3273 and CVE-2024-3272 to its Known Exploited Vulnerabilities (KEV) catalog.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • IPS

  • Web App Security

  • IoT/IIoT Virtual Patch

DETECT
  • IOC

  • Outbreak Detection

  • Threat Hunting

  • Playbook

RESPOND
  • Automated Response

  • Assisted Response Services

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Attack Surface Hardening

  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.