D-Link NAS Improper Access Control Vulnerability

A vulnerability exists in multiple D-Link NAS models, including the DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04, all running firmware prior to 20260205. The vulnerability allows unauthorized access to several functions in the '/cgi-bin/dsk_mgr.cgi' file, including 'FMT_restart', 'Status_HDInfo', 'SMART_List', 'ScanDisk_info', 'ScanDisk', 'volume_status', 'Get_Volume_Mapping', 'FMT_check_disk_remount_state', 'FMT_rebuildinfo', 'FMT_result_list', 'FMT_result_list_phy', 'FMT_get_dminfo', 'FMT_manually_rebuild_info', and 'Get_current_raidtype'. This improper access control can be exploited remotely, leading to unauthorized actions such as rebooting the device or accessing sensitive disk and device status information.

Impact

Exploitation of this vulnerability allows for improper access control, enabling unauthorized users to access restricted functions and information on the affected NAS devices. This could lead to unauthorized device reboots or disclosure of sensitive system and storage status data, which could be used for further attacks.

Reproduction

The vulnerability can be reproduced by sending a request to the 'FMT_restart' interface without authentication, which will result in an unauthorized reboot of the device. Alternatively, accessing any of the other mentioned interfaces without authentication will expose sensitive device and disk status information.