Due to a bug, hackers can gain remote access to the files of the D-Link DNS-320 NAS devices

Bug in D-Link NAS devices
Written by Brendan Smith

CyStack Security specialists found that the D-Link DNS-320 ShareCenter NAS devices are vulnerable to a critical bug that allows remotely gain full control over the device and access files stored on it.

The vulnerability received the identifier CVE-2019-16057 and affects the D-Link DNS-320 devices that are running firmware version 2.05b10 and earlier.

“While doing some research on network devices we found a command injection vulnerability at the login module of a D-Link DNS-320 device. The flaw exists at a hidden feature called SSL Login which its required parameter, port, can be poisoned”, — reported CyStack Security specialist Trung Nguyen.

In response to this, the manufacturer released a security bulletin from which it became clear that this bug was accidentally fixed in April, this year, when D-Link released firmware version 2.06b01, which was supposed to prevent the Cr1ptT0r ransomware from attacking D-Link NAS devices.

Fortunately, according to CyStack Security experts, only about 800 vulnerable devices can now be found on the network, but earlier, until the April patch, all NAS D-Link DNS-320s were vulnerable to attack by cybercriminals.

Read also: Encrypting malware attacks NAS Synology and Lenovo Iomega

The bug was a command injection problem present in the login module for the admin interface. So, the module /cgi/login_mgr.cgi contained the port parameter, which could be “poisoned”. An unauthenticated attacker could use this problem to execute arbitrary commands with root privileges, which allowed him to gain full control over the target device and the files on it.

To help better protect devices from security attacks, malware, and ransomware:

  1. Do not connect these devices directly to the Internet and/or port-forward services directly from the Internet.
  2. Keep device firmware up-to-date.
  3. Any computer accessing information on these devices should have appropriate anti-virus protection and malware protection enabled.
  4. Schedule regular back-ups of stored information on the devices, it is necessary in case a disaster recovery is needed.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Brendan Smith

I'm Brendan Smith, a passionate journalist, researcher, and web content developer. With a keen interest in computer technology and security, I specialize in delivering high-quality content that educates and empowers readers in navigating the digital landscape.

With a focus on computer technology and security, I am committed to sharing my knowledge and insights to help individuals and organizations protect themselves in the digital age. My expertise in cybersecurity principles, data privacy, and best practices allows me to provide practical tips and advice that readers can implement to enhance their online security.

Leave a Reply