92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)

A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found. The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interactive shell has popped up on GitHub. About CVE-2024-3273 “The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hardcoded credentials, and a command injection vulnerability via the … More →

The post …

account backdoor compromise cve cve-2024 devices d-link d-link nas don't miss exploit exploited facing flaw found github hot stuff internet lies link nas old researcher shell threat vulnerability week