Today, CISA added two new vulnerabilities to their Known Exploited Vulnerabilities Catalog, both for multiple NAS devices from D-Link. The two vulnerabilities are:
• Use of hard-coded credentials - CVE-2024-3272, and
• Command injection - CVE-2024-3273
NOTE: Both of the links above apply to both vulnerabilities.
Although it does not appear in the KEV addition notice, the CVE record for -3273 includes the following in its KEV notice:
“This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.”
On an odd note (and a brief commentary on the continuing NVD.NIST.gov problems), only the -3273 CVE entry notes that the CVE has been listed in the KEV Catalog. The -3272 entry currently (2113 EDT, 4-11-24) does not mention that the CVE has been so listed.