Another reason why not to use official D-Link firmware for DNS NAS


Duke

Jun 3, 2015, 1:20:17 PM
to al...@googlegroups.com

More than fifty vulnerabilities in D-Link NAS and NVR devices


http://www.search-lab.hu/advisories/secadv-20150527

SEARCH-LAB performed an independent security assessment on four different D-Link devices. The assessment has identified altogether 53 unique vulnerabilities in the latest firmware (dated 30-07-2014). Several vulnerabilities can be abused by a remote attacker to execute arbitrary code and gain full control over the devices. ...

 ... We also reported two other authentication bypass vulnerabilities (CVE-2014-7857) to D-Link; but since these problems have not been addressed correctly yet, we will only publish them after 22/06/2015. ...

Affected devices:
Main targeted devices during the assessment:

  • DNS-320, Revision A: 2.03, 13/05/2013
  • DNS-320L, 1.03b04, 11/11/2013
  • DNS-327L, 1.02, 02/07/2014
  • DNR-326, 1.40b03, 7/19/2013

Other devices were influenced by one or more vulnerabilities:

  • DNS-320B, 1,02b01, 23/04/2014
  • DNS-345, 1.03b06, 30/07/2014
  • DNS-325, 1.05b03, 30/12/2013
  • DNS-322L, 2.00b07

Solution:
Most of the vulnerabilities were fixed in:

  • DNS-320L 1.04.B12
  • DNS-327L 1.03.B04

Some of the vulnerabilities were fixed in:

  • DNR-326 2.10.B03
  • DNR-322L 2.10.B03

notoneofmy

Jun 3, 2015, 5:01:57 PM
to al...@googlegroups.com
On 15-06-03 7:20 PM, Duke wrote:
> More than fifty vulnerabilities in D-Link NAS and NVR devices
> http://www.search-lab.hu/advisories/secadv-20150527
>
> SEARCH-LAB performed an independent security assessment on four different
> D-Link devices. The assessment has identified altogether 53 unique
> vulnerabilities in the latest firmware (dated 30-07-2014). Several
> vulnerabilities can be abused by a remote attacker to execute arbitrary
> code and gain full control over the devices. ...
We should save this post as a file and simply hand it over to those who
come asking questions like, why is Alt-F better, or why should I use it,
etc.

Great work.

And thanks.