DNS-340L, DNS-320L, DNS-327L, and DNS-325 All Need To Go
Four models of D-Link NAS have hit end of service, and if you have one attached to anything it should be disconnected immediately. All four have a backdoor with a 9.8 severity rating and there is no fix coming. D-Link has stood by its recommendation to replace the devices with new models, as it has no plans to reverse its decision to no longer support EoS devices.
The flaw is likely not something you can fix on your own: it's a hard-coded username with no password, and that username is well known across the net. The user on these four models has enough permissions to trigger remote code execution, which will lead to all sorts of nightmares for those who have data stored on the device.
Up to you if you replace them with another D-Link device, or if you might want to shop around a little bit!
At the time the research went out, more than 92,000 vulnerable devices were facing the internet, the majority of which were based in the UK, although thousands were also vulnerable in Thailand, Italy, Germany, and more.
More Tech News From Around The Web
- Critical Rust flaw enables Windows command injection attacks @ Bleeping Computer
- Microsoft fixes two Windows zero-days exploited in malware attacks @ Bleeping Computer
- PC shipments up for first quarter thanks to AI, say analysts @ The Register
- Linux Continues To Be Above 4% On the Desktop @ Slashdot
- Intel Says New Gaudi 3 AI Chips Top Nvidia H100s in Speed and Cost @ Slashdot
- AT&T now says data breach impacted 51 million customers @ Bleeping Computer
- Got an unpatched LG ‘smart’ television? It could be watching you back @ The Register
- Kobo adds color to its e-reader lineup for the first time, starting at $149 @ Ars Technica
- Homebrew Network Card With No CPU @ Hackaday
- AVerMedia Live Gamer 4K 2.1 @ TweakTown
- Aqirys Atlas Gaming Chair @ TechPowerUp
This is one major reason why I do not like NAS appliance devices like this. Such devices carry a large price premium for the hardware offered, while offering rather short service life, while also often being heavily locked down so that when the company discontinues support, the device becomes either a paperweight, or unsafe to use. There are currently 2 bay NAS appliances that are being sold for $600 and come with no drives, and use a dual core Intel Celeron J3355 and have 6GB of DDR3L RAM. Imagine the PC you can build to make into a NAS for $600.
Turn an old PC into a NAS, and for far less money, end up with a device that will often start with support for 6-8 drives, along with options to expand via HBAs, while having the freedom to choose which software you run. Even if your current NAS software gets discontinued, the hardware will live on as you run something else to meet your needs.
While some NAS appliances can offer unique conveniences, especially in cases where you just want a turn key solution, often times the software support ends long before the hardware gets even close to becoming obsolete. For example, there are many NAS products that can saturate a 2.5GbE connection but no longer receive security updates.