Cybercriminals have actively exploited a critical vulnerability in D-Link Network Attached Storage (NAS) devices globally.
Identified as CVE-2024-3273, this remote code execution (RCE) flaw poses a significant threat to as many as 92,000 devices worldwide.
The exploit allows attackers to execute arbitrary code on vulnerable devices, potentially leading to data theft, device hijacking, and the spread of malware.
We have started to see scans/exploits from multiple IPs for CVE-2024-3273 (vulnerability in end of life D-Link Network Area Storage devices). This involves chaining of a backdoor & command injection to achieve RCE.
— Shadowserver (@Shadowserver) April 8, 2024
D-Link announcement: https://t.co/Z3HD9k1nQc
The Discovery and Impact
A generic shell script pattern that botnet operators frequently use is involved in the exploit. This script attempts to execute malware across every possible CPU architecture, hoping that at least one attempt will succeed.
The malware, identified as “skid.x86,” is fetched from a remote server and has been analyzed and shared for further scrutiny on VirusTotal, a popular platform for malware analysis.
In response to the discovery, GreyNoise quickly released a tag for tracking attempts to exploit the CVE-2024-3273 vulnerability.
AI-Powered Protection for Business Email Security
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .
D-Link’s Support Announcement
D-Link, the manufacturer of the affected NAS devices, has issued a support announcement regarding the vulnerability.
The company is actively working on addressing the issue and has urged users of the affected devices to stay informed about updates and patches.
D-Link’s commitment to resolving the vulnerability is a critical step in mitigating the exploit’s impact and safeguarding users’ data and devices.
Free Webinar.for DIFR/SOC Teams: Securing the Top 3 SME Cyber Attack Vectors -Â Register Here
The Broader Implications
The exploitation of CVE-2024-3273 highlights the constant threat that cybercriminals pose and the significance of effective cybersecurity measures.
It highlights the need for continuous monitoring, timely updates, and the adoption of best practices in cybersecurity.
For users of D-Link NAS devices, it is imperative to follow the company’s guidance and apply any available patches to protect against potential attacks.
The vulnerability was first brought to light by GreyNoise, a cybersecurity firm renowned for its expertise in internet-wide scans and attack analysis.
The active exploitation of the CVE-2024-3273 vulnerability in D-Link NAS devices is a stark reminder of the vulnerabilities within our digital infrastructure.
GreyNoise and D-Link’s swift response exemplifies the importance of vigilance and collaboration in the fight against cyber threats.
As the situation evolves, staying informed and taking proactive measures will be key to ensuring the security of our devices and data.
In a world where cyber threats are constantly evolving, the discovery and mitigation of vulnerabilities like CVE-2024-3273 play a crucial role in maintaining the integrity and security of our digital ecosystem.
Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.
