Friday, November 15, 2024
HomeCyber AttackD-Link RCE Vulnerability Exploited in Wild, Impacts 92,000 Devices

D-Link RCE Vulnerability Exploited in Wild, Impacts 92,000 Devices

Published on

Cybercriminals have actively exploited a critical vulnerability in D-Link Network Attached Storage (NAS) devices globally.

Identified as CVE-2024-3273, this remote code execution (RCE) flaw poses a significant threat to as many as 92,000 devices worldwide.

The exploit allows attackers to execute arbitrary code on vulnerable devices, potentially leading to data theft, device hijacking, and the spread of malware.

- Advertisement - SIEM as a Service

The Discovery and Impact

A generic shell script pattern that botnet operators frequently use is involved in the exploit. This script attempts to execute malware across every possible CPU architecture, hoping that at least one attempt will succeed.

The malware, identified as “skid.x86,” is fetched from a remote server and has been analyzed and shared for further scrutiny on VirusTotal, a popular platform for malware analysis.

In response to the discovery, GreyNoise quickly released a tag for tracking attempts to exploit the CVE-2024-3273 vulnerability.

Document
Stop Advanced Phishing Attack With AI

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

D-Link, the manufacturer of the affected NAS devices, has issued a support announcement regarding the vulnerability.

The company is actively working on addressing the issue and has urged users of the affected devices to stay informed about updates and patches.

D-Link’s commitment to resolving the vulnerability is a critical step in mitigating the exploit’s impact and safeguarding users’ data and devices.

Free Webinarfor DIFR/SOC Teams: Securing the Top 3 SME Cyber Attack Vectors - Register Here.

The Broader Implications

The exploitation of CVE-2024-3273 highlights the constant threat that cybercriminals pose and the significance of effective cybersecurity measures.

It highlights the need for continuous monitoring, timely updates, and the adoption of best practices in cybersecurity.

For users of D-Link NAS devices, it is imperative to follow the company’s guidance and apply any available patches to protect against potential attacks.

The vulnerability was first brought to light by GreyNoise, a cybersecurity firm renowned for its expertise in internet-wide scans and attack analysis.

The active exploitation of the CVE-2024-3273 vulnerability in D-Link NAS devices is a stark reminder of the vulnerabilities within our digital infrastructure.

GreyNoise and D-Link’s swift response exemplifies the importance of vigilance and collaboration in the fight against cyber threats.

As the situation evolves, staying informed and taking proactive measures will be key to ensuring the security of our devices and data.

In a world where cyber threats are constantly evolving, the discovery and mitigation of vulnerabilities like CVE-2024-3273 play a crucial role in maintaining the integrity and security of our digital ecosystem.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...

Black Basta Ransomware Leveraging Social Engineering For Malware Deployment

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...