D-Link DNR-322L vulnerability overview

The D-Link DNR-322L has a critical vulnerability: it downloads code without an integrity check. An authenticated attacker could use this flaw to execute operating system-level commands on the device, posing significant security risks.

Key Details:

  • Vulnerability Type: Download of code without integrity check
  • CWE Reference: CWE-494
  • Impact: Potential execution of OS-level commands by authenticated attackers
  • Product Status: The affected devices may be end-of-life (EoL) or end-of-service (EoS), and users are advised to discontinue their use.

Recommended Actions:

Users should apply mitigations as per D-Link's instructions and follow the applicable guidance from BOD 22-01 for cloud services. If mitigations are not available, it is strongly recommended to discontinue the use of the DNR-322L.

While it is currently unknown if this vulnerability has been exploited in ransomware campaigns, the potential for abuse underscores the importance of addressing this issue promptly.