NVD disclosure day

Published threat advisories for April 4, 2024

CVE advisoryKnown Exploit

CVE-2024-3273

D-Link NAS Command Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Certain D-Link network-attached storage devices are affected by a command injection vulnerability that can lead to unauthorized command execution. These products are no longer supported by the vendor and should be retired, posing a business risk due to potential system compromise. <hr> A command injection vulnerability

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2024-3272

D-Link NAS Devices Hard-Coded Credentials Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

Certain D-Link network-attached storage devices are affected by a hard-coded credential vulnerability that could allow remote attackers to gain unauthorized access and execute commands. Affected products are end-of-life and unsupported, making replacement the recommended action to mitigate risk.

NVD published: • CISA KEV