Network Attached Storage (NAS) devices are storage servers connected to a network that allows multiple devices to access and share data. D-Link is a popular manufacturer of NAS devices.
This vulnerability is particularly dangerous because it allows attackers to remotely execute code on affected devices. This can give them complete control over the device, allowing them to steal data, install malware, or launch denial-of-service attacks.
The vulnerability is exploited by taking advantage of two security weaknesses. First, there is a backdoor account on the devices called "messagebus" that has no password. Second, there is a vulnerability in the system parameter that allows attackers to inject malicious code.
Mirai is a type of malware that infects devices and turns them into bots that can be used to launch large-scale denial-of-service attacks. These attacks can overwhelm websites and online services with traffic, making them inaccessible to legitimate users.
The vulnerability affects multiple D-Link NAS devices, including some popular models. If you have one of these devices, it is important to take action immediately.
Unfortunately, D-Link is not providing security patches for these end-of-life devices. They recommend that users retire or replace the affected devices. There is a legacy support page, but the firmware updates available there will not fix this security vulnerability.
NAS devices should not be exposed directly to the internet because they are a frequent target for ransomware attacks. Ransomware encrypts data, making it inaccessible to users until a ransom is paid.
This vulnerability is not specific to these NAS devices. Other D-Link devices, including some end-of-life models, have also been targeted by Mirai-based botnets. It's important to keep all of your devices up to date with the latest security patches.
1. Do not use end-of-life devices 2. Keep software up to date 3. Consider not exposing NAS devices directly to the internet