D-Link Multiple NAS Devices Command Injection & Sternum Protection

Bruno Rossi

4 min read | 16/04/2024

What is D-Link NAS Devices Command Injection Vulnerability (CVE-2024-3273)?

As mentioned on the NIST website, a critical vulnerability was discovered in D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L devices. The vulnerability is related to the nas_sharing.cgi file’s HTTP GET Request Handler component, allowing for command injection through system argument manipulation. The exploit can be launched remotely, and it has been disclosed publicly, increasing the risk of exploitation. This vulnerability only affects devices that are no longer supported by D-Link, and the vendor has confirmed the end-of-life status of these products, recommending retirement and replacement.


The Risks Posed By Unsupported Devices Vulnerabilities

Unsupported devices due to end-of-life (EOL) status pose a significant problem for several reasons:

  1. Lack of Security Updates: Once a device reaches EOL status, the manufacturer typically stops providing security updates and patches. This leaves the device vulnerable to newly discovered exploits and vulnerabilities.
  2. Increased Risk of Exploitation: Cybercriminals actively target devices with known vulnerabilities, especially those that are no longer supported. They can exploit these vulnerabilities to gain unauthorized access, steal sensitive information, or launch attacks.
  3. Impact on Security Posture: Unsupported devices can weaken an organization’s overall security posture. They can serve as entry points for attackers to gain access to the network and compromise other devices and systems.
  4. Regulatory Compliance Concerns: Many industries have regulatory requirements that mandate the use of supported and secure devices. Using devices with known vulnerabilities may lead to compliance issues and potential fines.
  5. Financial Implications: Mitigating the risk posed by unsupported devices can be costly. Organizations may need to invest in additional security measures or replace affected devices, leading to increased expenses.
  6. Reputation Damage: A security breach resulting from an unsupported device can damage an organization’s reputation and erode customer trust.
  7. Long-Term Risks: Some devices may remain in use for years after they reach EOL status, further increasing the risk of exploitation if vulnerabilities are not addressed.


Why aren’t D-Link Devices at EOL worth patching?

  1. Cost-Effectiveness: Developing and deploying patches for EOL products can be expensive and time-consuming. Manufacturers often prioritize resources for current products that are actively supported by customers.
  2. Resource Allocation: Manufacturers may prefer to allocate resources towards developing new products or supporting current products that have a larger customer base. Patching EOL products may not align with their business priorities.
  3. Technical Challenges: EOL products may have outdated hardware or software components that make it difficult or impossible to develop and deploy patches. It may also be challenging to test patches for EOL products across different configurations.
  4. Security Risks: EOL products are no longer receiving security updates, making them more vulnerable to new threats. Patching may only address specific vulnerabilities, leaving the product exposed to other potential security risks.
  5. Transition to Newer Products: Manufacturers may encourage customers to upgrade to newer products that offer enhanced features and security rather than invest resources in patching EOL products.

Overall, the decision to patch EOL products depends on various factors, including the product’s complexity, customer demand, technical feasibility, and business priorities.


What can be done

Here are five options that can be considered when dealing with end-of-life (EOL) products that are no longer supported by manufacturers:

  1. Upgrade or Replace: The most effective long-term solution is to upgrade to supported products or replace EOL devices with newer, supported models. This ensures that you have access to security patches and updates to protect against vulnerabilities.
  2. Implement Additional Security Measures: While not a replacement for patching, implementing additional security measures can help mitigate the risk posed by EOL products. This can include network segmentation, firewalls, intrusion detection systems, and prevention technology like Sternum Zero Day Protection, which fully protects against exploitation attempts of CVEs like these. An additional option is virtual patching – using security tools, such as intrusion prevention systems (IPS), to detect and block exploits targeting known vulnerabilities in EOL products. While not a permanent solution, it can provide temporary protection until a more permanent solution is implemented.
  3. Limit Exposure: If possible, limit the exposure of EOL products to the internet or external networks. This can help reduce the likelihood of them being targeted by attackers.
  4. Monitor for Signs of Compromise: Regularly monitor EOL products for signs of compromise, such as unusual network activity or unauthorized access attempts. Prompt detection can help mitigate the impact of a security breach.

It’s important to note that, other than Sternum’s zero-day protection, the above-mentioned options can help reduce the risk posed by EOL products but do not provide the same level of protection as regular security patches and updates. Upgrading to supported products or replacing EOL devices should be considered the most effective long-term solution.
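The "limit exposure" and "monitor for signs of compromise" steps above can be made concrete for this particular CVE. The following Python script is an added example, not code from the original post or from Sternum: it parses web-server access logs in Common Log Format and flags every request that reaches the nas_sharing.cgi handler named in the advisory, raising the severity when the request carries the `system` argument the advisory describes, and noting when the source address lies outside an assumed set of internal ranges. The sample log lines, the `/cgi-bin/` directory in them, the opaque parameter value and the trusted network list are constructed assumptions, not data taken from the page.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Common Log Format: client ident user [timestamp] "METHOD target HTTP/x" status bytes
CLF_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

# Names taken from the advisory text: the CGI handler and the argument it mishandles.
VULNERABLE_HANDLER = "nas_sharing.cgi"
SUSPECT_PARAM = "system"

# Assumed internal ranges for the NAS's management network (placeholder values).
TRUSTED_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample traffic, not a capture from a real device.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Apr/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.8 - - [16/Apr/2024:10:02:17 +0000] "GET /cgi-bin/nas_sharing.cgi?user=admin HTTP/1.1" 200 240
203.0.113.7 - - [16/Apr/2024:10:03:44 +0000] "GET /cgi-bin/nas_sharing.cgi?user=guest&system=opaque-value-1 HTTP/1.1" 200 118
203.0.113.7 - - [16/Apr/2024:10:03:45 +0000] "GET /favicon.ico HTTP/1.1" 404 0
this line is not in Common Log Format and is skipped
"""


def parse_clf(line):
    """Return the fields of one CLF line as a dict, or None if it does not parse."""
    match = CLF_RE.match(line.strip())
    return match.groupdict() if match else None


def is_external(client):
    """True when the client address is outside every trusted range (or unparseable)."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return True
    return not any(addr in net for net in TRUSTED_NETS)


def classify(entry):
    """Return a finding for a request that reaches the vulnerable handler, else None."""
    target = urlsplit(entry["target"])
    # Match on the file name only, so the directory the handler lives in does not matter.
    if target.path.rsplit("/", 1)[-1] != VULNERABLE_HANDLER:
        return None
    params = parse_qs(target.query, keep_blank_values=True)
    external = is_external(entry["client"])
    if SUSPECT_PARAM in params:
        severity = "high"
        reason = f"{VULNERABLE_HANDLER} called with the '{SUSPECT_PARAM}' argument"
    else:
        severity = "medium"
        reason = f"access to EOL handler {VULNERABLE_HANDLER}"
    if external:
        reason += " from an address outside the trusted ranges"
    return {
        "client": entry["client"],
        "ts": entry["ts"],
        "severity": severity,
        "external": external,
        "reason": reason,
    }


def scan_log(text):
    """Run every parseable line through classify() and collect the findings."""
    findings = []
    for line in text.splitlines():
        entry = parse_clf(line)
        if entry is None:
            continue
        finding = classify(entry)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['ts']} {f['client']}: {f['reason']}")
```

On the constructed sample the script reports two findings: a medium-severity access from the internal range and a high-severity request from outside it that carries the `system` argument. Since the advisory states the issue is exploitable remotely, the medium-severity internal hits are still worth reviewing; on a device that has been retired from internet exposure, any request to this handler from outside the trusted ranges is a sign that the exposure limit is not in place.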


More About Deterministic Security for Embedded Systems with Sternum

Devices at EoL raise serious security concerns, mainly because the security measures they were designed with, which were sufficient at the time, are, in many cases, no longer strong enough to withstand current hacker capabilities. That’s where Sternum comes in.

Sternum is an IoT security and observability platform. Embedded in the device itself, it provides deterministic security with runtime protection against known and unknown threats; complete observability that provides data about individual devices and the entire device fleet; and anomaly detection powered by AI to provide real-time operational intelligence.

Sternum operates at the bytecode level, making it universally compatible with any IoT device or operating system including RTOS, Linux, OpenWrt, Zephyr, Micrium, and FreeRTOS. It has a low overhead of only 1-3%, even on legacy devices.

To learn more about how we help device manufacturers streamline IoT security and build scalable and reliable products, check out this customer webinar we did with Medtronic, one of the largest medical device manufacturers:

Learn more about Sternum for IoT security
