Got An Old D-Link NAS Device? Dump It Just Like D-Link Has!
DNS-340L, DNS-320L, DNS-327L, and DNS-325 All Need To Go
There are four models of D-Link NAS, all of which have hit end of service, which should definitely be immediately disconnected if you have them attached to anything. All four have a backdoor with a 9.8 severity rating and there is no fix coming. D-Link has stood by their recommendation to replace the devices with new models, as they have no plans to reverse their decision to no longer support EoS devices.
The flaw is unlikely not something you can fix on your own, it’s a hard coded username with no password and that username is well known across the net. The user on these four models has enough permissions to trigger remote code execution, which will lead to all sort of nightmares for those who have data stored on the device.
Up to you if you replace them with another D-Link device, or if you might want to shop around a little bit!
Source link