CyStack Security specialists found that D-Link DNS-320 ShareCenter NAS devices are vulnerable to a critical bug that allows a remote attacker to gain full control over the device and access the files stored on it.
The vulnerability received the identifier CVE-2019-16057 and affects D-Link DNS-320 devices running firmware version 2.05b10 and earlier.
“While doing some research on network devices we found a command injection vulnerability at the login module of a D-Link DNS-320 device. The flaw exists at a hidden feature called SSL Login which its required parameter, port, can be poisoned,” reported CyStack Security specialist Trung Nguyen.
In response, the manufacturer released a security bulletin, which made clear that the bug had been fixed accidentally in April of this year, when D-Link released firmware version 2.06b01, an update that was supposed to prevent the Cr1ptT0r ransomware from attacking D-Link NAS devices.
Fortunately, according to CyStack Security experts, only about 800 vulnerable devices can now be found on the network; before the April patch, however, all D-Link DNS-320 NAS devices were vulnerable to attack by cybercriminals.
The bug was a command injection flaw in the login module of the admin interface. The module /cgi/login_mgr.cgi took a port parameter that could be “poisoned”. An unauthenticated attacker could use this flaw to execute arbitrary commands with root privileges, gaining full control over the target device and the files on it.
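One way a login handler can treat a value like `port` so that it cannot carry a command, shown as an added example (not D-Link's firmware code and not from CyStack's report). It assumes the CGI passes the port to an external program; `parse_port`, `build_argv` and the `ssl-helper` program name are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: accept only a decimal TCP port (1-65535).
 * Returns 0 and stores the value in *out on success, -1 otherwise. */
int parse_port(const char *s, unsigned *out)
{
    if (s == NULL || *s == '\0' || strlen(s) > 5)
        return -1;                  /* empty, or too long to be a port */
    for (const char *p = s; *p; p++)
        if (!isdigit((unsigned char)*p))
            return -1;              /* rejects ';', '|', '`', '$', spaces, signs */
    unsigned long v = strtoul(s, NULL, 10);  /* at most 5 digits: cannot overflow */
    if (v < 1 || v > 65535)
        return -1;
    *out = (unsigned)v;
    return 0;
}

/* Hypothetical helper: build an argument vector (for execv-style launch)
 * so the port is one argv element and no shell ever parses it. */
int build_argv(const char *raw_port, char *portbuf, size_t buflen,
               const char *argv[4])
{
    unsigned port;
    if (parse_port(raw_port, &port) != 0 || buflen < 6)
        return -1;
    snprintf(portbuf, buflen, "%u", port);  /* re-serialise the integer, not the input */
    argv[0] = "ssl-helper";                 /* constructed program name */
    argv[1] = "--port";
    argv[2] = portbuf;
    argv[3] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "443", "8443", "0", "65536", "443;x", " 443", "" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        unsigned p;
        printf("%-8s -> %s\n", samples[i],
               parse_port(samples[i], &p) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```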
To help protect devices from attacks, malware, and ransomware:
- Do not connect these devices directly to the Internet or port-forward services to them from the Internet.
- Keep device firmware up-to-date.
- Any computer accessing information on these devices should have appropriate anti-virus protection and malware protection enabled.
- Schedule regular backups of the information stored on the devices; they are necessary if disaster recovery is needed.