The affected D-Link models include:
- DNS-320 Version 1.00
- DNS-320LW Version 1.01.0914.2012
- DNS-325 Versions 1.01 and 1.02
- DNS-340L Version 1.08
Unfortunately, D-Link has declined to release a patch for these models, as they have all reached their end-of-life (EOL) or end-of-service (EOS) dates. The company advises users to replace these models with newer devices still under support.
Netsecfish’s findings suggest there are over 61,000 instances of these vulnerable D-Link devices accessible via the internet, with more than 41,000 unique IP addresses identified. While exploiting the vulnerability may be complex, any capable attacker could theoretically access these devices.
For those currently using the affected models, it’s recommended to consider upgrading to a newer, supported NAS system. As a temporary safeguard, restrict access to the NAS interface to trusted IP addresses or isolate the device from the public internet entirely. Additionally, third-party firmware may be an option for those comfortable with technical installations, but it’s essential to ensure the firmware comes from a trusted source.
If you’re considering a new NAS, now may be the time to explore updated options to maintain robust security and functionality.
Source: Tom’s Hardware
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities. To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try yourself using check.website.