Description Preview
A vulnerability has been identified in D-Link NAS devices including DNS-320, DNS-320LW, DNS-325, and DNS-340L up to version 20241028. This vulnerability is classified as an information disclosure issue and affects an unspecified part of the /xml/info.xml file within the HTTP GET Request Handler component. Exploitation of this vulnerability can lead to unauthorized access to sensitive information. The attack vector is remote, meaning that attackers can exploit this vulnerability over a network connection. The exploit for this vulnerability has been publicly disclosed, increasing the risk of exploitation.
Overview
The vulnerability is due to improper access controls in the affected D-Link NAS devices, allowing remote attackers to manipulate the /xml/info.xml file and disclose sensitive information. The vulnerability has been assigned CVE-2024-10916 and has a CVSS base score of 6.9, indicating a medium severity issue. The affected products include DNS-320, DNS-320LW, DNS-325, and DNS-340L with firmware version 20241028.
Remediation
To mitigate this vulnerability, users of the affected D-Link NAS devices should consider the following remediation steps:
- Update the firmware: D-Link should release a security patch addressing the information disclosure vulnerability. Users should promptly update their devices to the latest firmware version that includes the fix.
- Restrict network access: Implement network segmentation and access controls to limit remote access to the vulnerable components of the NAS devices.
- Monitor for unauthorized access: Regularly monitor network traffic and system logs for any suspicious activities that may indicate exploitation of the vulnerability.
References
- VDB-283311 | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L HTTP GET Request info.xml information disclosure
- VDB-283311 | CTI Indicators (IOB, IOC, TTP, IOA)
- Submit #432849 | D-Link DNS-320, DNS-320LW, DNS-325, DNS-340L Version 1.00, Version 1.01.0914.2012, Version 1.01, Version 1.02, Version 1.08 Information Disclosure
- Information Disclosure Vulnerability Report in xml info.xml for D-Link NAS
- D-Link Official Website
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Accommodation & Food ServicesAccommodation & Food Services
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- ConstructionConstruction
- Educational ServicesEducational Services
- Finance and InsuranceFinance and Insurance
- Health Care & Social AssistanceHealth Care & Social Assistance
- InformationInformation
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- ManufacturingManufacturing
- MiningMining
- Other Services (except Public Administration)Other Services (except Public Administration)
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- Public AdministrationPublic Administration
- Real Estate Rental & LeasingReal Estate Rental & Leasing
- Retail TradeRetail Trade
- Transportation & WarehousingTransportation & Warehousing
- UtilitiesUtilities
- Wholesale TradeWholesale Trade
