#1 Middle East & Africa Trusted Cybersecurity News & Magazine


90,000 D-Link NAS Devices Under Attack: Patch Now or Face Takeover Risk


Attention home cloud storage users! Over 90,000 D-Link Network Attached Storage (NAS) devices are currently exposed to a critical security vulnerability that attackers can exploit. This puts sensitive data stored on these devices at risk of unauthorized access, encryption, or deletion.

Let’s delve into the details of this attack, the potential consequences, and how you can protect your data if you own a vulnerable D-Link NAS device.

Exposed Backdoor: A Recipe for Disaster

Security researchers have identified a critical vulnerability (CVE-2024-3273) in several D-Link NAS models, including the DNS-320L, DNS-327L, DNS-340L, and DNS-325. This vulnerability stems from a backdoor account with hardcoded credentials embedded within the device’s firmware. Hackers can potentially exploit this backdoor to gain remote access to the NAS device, steal or encrypt your data, or even install malware that could spread across your network.

D-Link Confirms Vulnerability, Patch Not Available

D-Link has acknowledged the vulnerability and issued a security advisory. Unfortunately, the affected NAS models have reached their end-of-life (EOL) and are no longer supported by D-Link. This means no security patches will be released to address this critical vulnerability.

10 Actionable Steps to Secure Your D-Link NAS (if applicable)

If you own a D-Link NAS model listed above (DNS-320L, DNS-327L, DNS-340L, or DNS-325), here are 10 critical steps to take:

  1. Disconnect the NAS from the internet: Immediately disconnect your NAS device from the internet to prevent remote attackers from exploiting the vulnerability.
  2. Backup your data: If possible, create a complete backup of your data stored on the NAS. Consider storing the backup on a separate, secure device.
  3. Consider migrating to a new NAS: Given the lack of security updates, strongly consider migrating your data to a new, supported NAS device from a reputable vendor with a strong commitment to security patches.
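  4. Change NAS admin credentials: If you plan to continue using the vulnerable NAS (not recommended), change the administrator password for the NAS immediately. Use a strong, unique password and enable two-factor authentication (2FA) if available. Because the backdoor credentials are hardcoded in the firmware, changing the administrator password does not remove that account, so treat this step as a supplement to steps 1 and 5, not a fix.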
  5. Disable remote access: While your NAS is disconnected from the internet, consider disabling remote access features if you don’t absolutely need them. This reduces the attack surface for potential exploits.
  6. Scan for malware: If you continue using the vulnerable NAS, run a comprehensive malware scan on the device to identify any potential infections.
  7. Stay informed: Keep yourself updated on the latest cybersecurity threats and vulnerabilities. Subscribe to reputable security blogs or advisories.
  8. Invest in a VPN (Optional): If you must access your NAS remotely after taking it offline, consider using a reputable VPN service to add an extra layer of security.
  9. Prioritize strong passwords: Always use strong, unique passwords for all your online accounts, including your NAS device.
  10. Be cautious of suspicious links: Phishing emails can be used to trick you into clicking malicious links that could compromise your NAS or other devices.
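
One way to verify steps 1 and 5 on a Linux-based gateway, as an added example that is not part of the original article: cross-check a device inventory against the affected models listed above and flag any DNAT port forward that still points at such a device. The inventory, host names, addresses and rule dump are constructed samples.

```python
import shlex

# Affected end-of-life models named in the article.
AFFECTED_MODELS = {"DNS-320L", "DNS-327L", "DNS-340L", "DNS-325"}

# Constructed sample inventory: (hostname, model, LAN address).
INVENTORY = [
    ("nas-office", "DNS-320L", "192.168.1.20"),
    ("nas-media", "dns-325", "192.168.1.21"),
    ("nas-new", "EXAMPLE-NAS-1", "192.168.1.30"),
]

# Constructed sample of `iptables-save -t nat` output from the gateway.
NAT_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.20:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.30:22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

def parse_dnat(rules_text):
    """Return (proto, external_port, internal_ip, internal_port) per DNAT rule."""
    forwards = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if "DNAT" not in tokens or "--to-destination" not in tokens:
            continue
        opts = dict(zip(tokens, tokens[1:]))  # each option -> the token after it
        ext_port = opts.get("--dport", "any")
        ip, _, port = opts["--to-destination"].partition(":")
        forwards.append((opts.get("-p", "all"), ext_port, ip, port or ext_port))
    return forwards

def audit(inventory, rules_text):
    """List affected devices with any port forwards that still reach them."""
    forwards = parse_dnat(rules_text)
    report = []
    for host, model, ip in inventory:
        if model.upper() not in AFFECTED_MODELS:
            continue  # not one of the models listed in the article
        exposed = [f"{proto}/{ext}->{dst}:{port}"
                   for proto, ext, dst, port in forwards if dst == ip]
        report.append((host, model.upper(), exposed))
    return report

if __name__ == "__main__":
    for host, model, exposed in audit(INVENTORY, NAT_RULES):
        print(host, model, "EXPOSED via " + ", ".join(exposed) if exposed else "no forwards found")
```

An empty forward list only reflects the rule dump supplied; remote-access features enabled on the NAS itself still need to be switched off as described in step 5.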

Conclusion

The D-Link NAS vulnerability highlights the importance of using up-to-date hardware and software. If you rely on a NAS device for your home cloud storage, ensure it comes from a reputable vendor with a proven track record of providing security updates. By following these recommendations and prioritizing cybersecurity best practices, you can significantly reduce the risk of falling victim to similar attacks in the future.

Ouaissou DEMBELE (http://cybercory.com)
Ouaissou DEMBELE is a seasoned cybersecurity expert with over 12 years of experience, specializing in purple teaming, governance, risk management, and compliance (GRC). He currently serves as Co-founder & Group CEO of Sainttly Group, a UAE-based conglomerate comprising Saintynet Cybersecurity, Cybercory.com, and CISO Paradise. At Saintynet, where he also acts as General Manager, Ouaissou leads the company’s cybersecurity vision—developing long-term strategies, ensuring regulatory compliance, and guiding clients in identifying and mitigating evolving threats. As CEO, his mission is to empower organizations with resilient, future-ready cybersecurity frameworks while driving innovation, trust, and strategic value across Sainttly Group’s divisions. Before founding Saintynet, Ouaissou held various consulting roles across the MEA region, collaborating with global organizations on security architecture, operations, and compliance programs. He is also an experienced speaker and trainer, frequently sharing his insights at industry conferences and professional events. Ouaissou holds and teaches multiple certifications, including CCNP Security, CEH, CISSP, CISM, CCSP, Security+, ITILv4, PMP, and ISO 27001, in addition to a Master’s Diploma in Network Security (2013). Through his deep expertise and leadership, Ouaissou plays a pivotal role at Cybercory.com as Editor-in-Chief, and remains a trusted advisor to organizations seeking to elevate their cybersecurity posture and resilience in an increasingly complex threat landscape.
