Decrypt LOL

D-Link NAS Devices Found Vulnerable to Command Injection


Quick take - A command injection vulnerability has been identified in over 61,000 D-Link Network Attached Storage devices. Improperly sanitized input in the account_mgr.cgi script allows unauthorized attackers to execute arbitrary shell commands, and users are urged to apply patches and restrict network access to enhance security.

Fast Facts

  • A command injection vulnerability affects over 61,000 D-Link NAS devices, including models DNS-320LW and DNS-325.
  • The issue arises from improper handling of the name parameter in the cgi_user_add command within the account_mgr.cgi script.
  • Attackers can exploit this vulnerability by sending specially crafted HTTP GET requests to execute arbitrary shell commands.
  • Users are urged to apply patches and firmware updates from D-Link and restrict NAS management interface access to trusted IPs as a temporary measure.
  • The vulnerability is categorized under CWE-77: Command Injection, highlighting the severity of the security flaw.

D-Link NAS Devices Vulnerability

Overview of the Vulnerability

A command injection vulnerability has been identified in specific D-Link Network Attached Storage (NAS) devices, affecting over 61,000 devices connected to the Internet. The issue is linked to the handling of the name parameter within the cgi_user_add command in the account_mgr.cgi CGI script. Unauthorized attackers can inject arbitrary shell commands through specially crafted HTTP GET requests.

Affected Models

The affected D-Link NAS device models include:

  • DNS-320LW Version 1.01.0914.2012
  • DNS-325 Version 1.01
  • DNS-325 Version 1.02

The flaw is localized to the account_mgr.cgi script, which fails to properly sanitize input for the name parameter. This failure enables potential command execution by malicious actors. The vulnerability falls under the Common Weakness Enumeration (CWE) category CWE-77: Command Injection.

Exploitation and Mitigation

An example of exploitation is demonstrated through a crafted curl command:

curl "http://[Target-IP]/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;;%27"

This request invokes the cgi_user_add command and injects a shell command through the name parameter.

To mitigate this vulnerability, users of the affected devices should apply any patches and firmware updates provided by D-Link as soon as they are released. As a temporary measure, it is advised to restrict network access to the NAS management interface to trusted IP addresses while a comprehensive fix is being implemented.
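
For defenders who keep web access logs from a proxy or gateway in front of the NAS management interface, the following added example (not code from D-Link or from the original article) flags cgi_user_add requests to account_mgr.cgi whose name value falls outside a username allowlist. The allowlist pattern, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: the shape of account names an administrator expects to see.
# Any `name` value outside this allowlist is reported.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,32}")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (common log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;;%27 HTTP/1.1" 200 120',
    '198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=backup_user HTTP/1.1" 200 98',
    '198.51.100.7 - - [01/Jan/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

def query_params(query):
    """Split on '&' only, so ';' stays inside the value as in the request."""
    params = {}
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params

def flag_request(target):
    """Return the decoded name value if it fails the allowlist, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/account_mgr.cgi"):
        return None
    params = query_params(parts.query)
    if "cgi_user_add" not in params.get("cmd", []):
        return None
    for value in params.get("name", []):
        if not SAFE_NAME.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_name) for every flagged request line."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if match:
            value = flag_request(match.group(1))
            if value is not None:
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, name in scan(SAMPLE_LOG):
        print(f"{ip} sent name={name!r} to cgi_user_add")
```

Any hit from an address outside the trusted management range is worth investigating, since the interface should not be reachable from there once access is restricted.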
