FortiNDRCloud
SaaS based NDR solution providing 365 days data retention, along with Technical Success Manager
nchow
Staff
Article Id 329139

Description 

CVE-2024-3272 relies on a user account that is present by default on all impacted D-Link NAS models: these NAS devices use hard-coded credentials. CVE-2024-3273 allows remote command injection on impacted D-Link NAS devices.

By combining CVE-2024-3273 with CVE-2024-3272, it is possible to send commands remotely without any authentication. This makes the attack very dangerous, because attackers could steal sensitive data from these NAS devices and further use it for ransomware attacks.

D-Link DIR-600 routers contain a Cross-Site Request Forgery (CSRF) vulnerability (CVE-2014-100005) that allows an attacker to change router configurations by hijacking an existing administrator session.

CVE-2021-40655 is a D-Link DIR-605 router information disclosure vulnerability that allows attackers to obtain a username and password by forging a POST request.

D-Link Go-RT devices are vulnerable to a buffer overflow (CVE-2022-37055).

CVE ID    

CVE-2024-3272 (https://nvd.nist.gov/vuln/detail/CVE-2024-3272)
CVE-2024-3273 (https://nvd.nist.gov/vuln/detail/CVE-2024-3273)
CVE-2014-100005 (https://nvd.nist.gov/vuln/detail/CVE-2014-100005)
CVE-2021-40655 (https://nvd.nist.gov/vuln/detail/CVE-2021-40655)
CVE-2022-37055 (https://nvd.nist.gov/vuln/detail/CVE-2022-37055)

NDR Cloud Detection Rule

FortiNDR Cloud v2024.6+

| Detection Rule Name | Category | Primary MITRE ID |
|---|---|---|
| FortiGuard Outbreak Alert: D-Link DIR-800 Services getcfg API Information Disclosure - CVE-2021-40655 | Attack: Exploitation | T1190 - Exploit Public-Facing Application |
| FortiGuard Outbreak Alert: D-Link Go-RT-AC750 Buffer Overflow - CVE-2022-37055 | Attack: Exploitation | T1190 - Exploit Public-Facing Application |
| FortiGuard Outbreak Alert: D-Link NAS Device nas_sharing CGI Remote Code Injection - CVE-2024-3273 | Attack: Exploitation | T1190 - Exploit Public-Facing Application |

Playbook 

N/A

Threat hunting

N/A

Suricata Coverage

N/A

Other Fortinet Products

For more details on mitigating these vulnerabilities with Fortinet products, refer to:
https://www.fortiguard.com/outbreak-alert/d-link-multiple-devices-attack
