A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability are the functions FMT_restart, Status_HDInfo, SMART_List, ScanDisk_info, ScanDisk, volume_status, Get_Volume_Mapping, FMT_check_disk_remount_state, FMT_rebuildinfo, FMT_result_list, FMT_result_list_phy, FMT_get_dminfo, FMT_manually_rebuild_info and Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
D-Link NAS devices contain an improper access control vulnerability in the disk management CGI interface that allows remote attackers to manipulate disk-related functions. The vulnerability affects multiple DNS and DNR models up to firmware version 20260205 and could enable unauthorized access to storage management operations.
This weakness affects multiple disk management functions in D-Link network storage devices, including restart, status, scan and rebuild. It allows unauthorized remote access to sensitive storage management operations. An exploit for the weakness has been published, which increases the risk of attacks.
Update the firmware to a version after 20260205 on all affected D-Link NAS models (DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04). Restrict network access to the management interface using firewall rules and disable remote access if it is not required. Monitor access logs for suspicious disk management operations.
Update the firmware to a version newer than 20260205 on all affected D-Link NAS devices. Restrict access to the management interface using firewall rules and disable remote access if it is not required. Monitor access logs for suspicious operations.
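One way to carry out the log monitoring recommended above, as an added example that is not part of the original advisory or any D-Link tooling: it flags every request to /cgi-bin/dsk_mgr.cgi that arrives from outside the management networks and reports which listed function was named when that is visible in the query string. The Common Log Format, the `MGMT_NETS` range, the sample lines and the placeholder parameter name `op` are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

CGI_PATH = "/cgi-bin/dsk_mgr.cgi"  # path named in the advisory
FUNCTIONS = {  # function names listed in the advisory
    "FMT_restart", "Status_HDInfo", "SMART_List", "ScanDisk_info", "ScanDisk",
    "volume_status", "Get_Volume_Mapping", "FMT_check_disk_remount_state",
    "FMT_rebuildinfo", "FMT_result_list", "FMT_result_list_phy",
    "FMT_get_dminfo", "FMT_manually_rebuild_info", "Get_current_raidtype",
}
# Assumption: networks allowed to reach the management interface (constructed).
MGMT_NETS = [ipaddress.ip_network("192.168.10.0/28")]
# Assumption: the proxy or firewall in front of the NAS logs Common Log Format.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')

# Constructed sample lines; the parameter name "op" is a placeholder.
SAMPLE = [
    '192.168.10.5 - - [10/Feb/2026:09:00:01 +0000] "GET /cgi-bin/dsk_mgr.cgi?op=volume_status HTTP/1.1" 200 310',
    '203.0.113.7 - - [10/Feb/2026:03:14:07 +0000] "GET /cgi-bin/dsk_mgr.cgi?op=ScanDisk_info HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Feb/2026:03:14:09 +0000] "POST /cgi-bin/dsk_mgr.cgi HTTP/1.1" 200 88',
    '198.51.100.20 - - [10/Feb/2026:04:00:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def find_hits(lines):
    """Return (source, time, function or None, status) for every request to
    dsk_mgr.cgi that originates outside the management networks."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a request line we can parse
        src, when, target, status = m.groups()
        url = urlsplit(target)
        if url.path.lower() != CGI_PATH:
            continue
        try:
            trusted = any(ipaddress.ip_address(src) in n for n in MGMT_NETS)
        except ValueError:
            trusted = False  # hostname or garbage in the source field
        if trusted:
            continue
        # The function is only visible when carried in the query string;
        # POST bodies are not logged, so those hits report None.
        tokens = set(re.split(r"[&=;]", url.query))
        func = next((f for f in sorted(FUNCTIONS) if f in tokens), None)
        hits.append((src, when, func, int(status)))
    return hits
```

Calling `find_hits(SAMPLE)` returns the two requests from 203.0.113.7; the request from inside the management range and the unrelated page fetch are not reported.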