A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found. The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interactive shell has popped up on GitHub.

About CVE-2024-3273

“The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hardcoded credentials, and a command injection vulnerability via the …

The post 92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) appeared first on Help Net Security.