D-Link Vulnerability Audit – November 2024
Security Software VulnerabilityDiscover D-Link NAS Devices Vulnerable to CVE-2024-10914
D-Link has released a security bulletin addressing the command injection vulnerability tracked as CVE-2024-10914. The vulnerability received a critical CVSS score of 9.2 and affects several models of D-Link NAS devices. In this bulletin, D-Link states that no security updates will be released for the affected devices as the affected devices are all past their end-of-life date. Nonetheless, some of these devices are still widely used and users are advised to retire the affected models and replace them with newer ones. You can read more in our D-Link vulnerability blog post.
The report below will help you locate vulnerable NAS devices. This way you have an actionable overview of all affected devices that you still need your intervention.
Run the D-Link Vulnerability Audit Report Now!
D-Link NAS Vulnerability Audit Lansweeper On-Prem Query
Select Top 1000000 tblAssets.AssetID, tsysAssetTypes.AssetTypeIcon10 As Icon, tblAssets.AssetName, tblAssets.IPAddress, tblAssets.Description, tblAssetCustom.Manufacturer, tblAssetCustom.Model, tsysIPLocations.IPLocation, Case When (tblAssetCustom.Model Like '%DNS%320%' and tblAssetCustom.Model not Like '%L%') Then '1.00' When tblAssetCustom.Model Like '%DNS%320LW%' Then '1.01.0914.2012' When tblAssetCustom.Model Like '%DNS%325%' Then '1.01 and 1.02' When tblAssetCustom.Model Like '%DNS%340L%' Then '1.08' End As AffectedVersion, Case When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != '' Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg Else '' End As ScanningErrors, tblAssets.Firstseen, tblAssets.Lastseen From tblAssets Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype Left Outer Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID Left Outer Join tsysOS On tsysOS.OScode = tblAssets.OScode Inner Join tblState On tblState.State = tblAssetCustom.State Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID, Max(tblErrors.Teller) As ErrorID From tblErrors Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID = ScanningError.ID Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType Where tblState.Statename = 'Active' and tblAssetCustom.Manufacturer LIKE '%D%Link%'and ((tblAssetCustom.Model Like '%DNS%320%' and tblAssetCustom.Model not Like '%L%') or tblAssetCustom.Model Like '%DNS%320LW%' or tblAssetCustom.Model Like '%DNS%325%' or tblAssetCustom.Model Like '%DNS%340L%') ;