Description

A backdoor account in various D-Link NAS models allows bypassing authentication. Combined with a command injection flaw, these vulnerabilities grant attackers the ability to fully control the affected NAS devices.

Remediation

Replace the end-of-life D-Link NAS with supported models.

References

D-Link Security Announcement

Command Injection and Backdoor Account in D-Link NAS Devices

Related Vulnerabilities

Java Debug Wire Protocol remote code execution

WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Remote Code Execution (1.5.89)

Lotus Notes formula injection

CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability

PHP code injection (pmwiki)

Severity

Critical

Classification

CVE-2024-3273 CVE-2024-3272 CWE-77 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Code Execution Known Vulnerabilitie