D-Link NAS¿¡ Ä¡¸íÀûÀÎ º¸¾È Ãë¾àÁ¡ÀÌ ¹ß°ßµÇ¾î ´ëÀÀ¿¡ ³ª¼¹´Ù.
À̹ø ¿¡ ¹ßÇ¥µÈ Ãë¾àÁ¡ CVE-2024-10914 Àº 'cgi_user_add' ¸í·É¿¡¼ ¹ß°ß, Ư¼ö Á¦ÀÛµÈ HTTP GET ¿äûÀ» ÅëÇØ ¹ßµ¿µÉ ¼ö ÀÖÀ¸¸ç, ÇØ´ç ‘m¿Àº 'name' ¸Å°Üº¯¼ö¸¦ Á¦´ë·Î Á¤¸®ÇÏÁö ¸øÇØ °ø°ÝÀÚ°¡ ¼¿ ¸í·ÉÀ» ÁÖÀÔÇÒ ¼ö ÀÖ´Ù.
ÇØ´ç Ãë¾àÁ¡Àº DNS-320, DNS-320LW, DNS-325, DNS-340LÀÇ Æß¿þ¾î 20241028 ÀÌÀü ¹öÀüÀÌ ¼³Ä¡µÈ ¸ðµ¨¿¡¼ ¹ß°ßµÇ¾ú´Ù. ´ÜÁö, D-Link´Â À̵é Á¦Ç°ÀÇ Áö¿øÀÌ Á¾·áµÇ¾î ¼öÁ¤ Æß¿þ¾î¸¦ Á¦°øÇÏÁö ¾Ê´Â´Ù´Â ¹æħÀ» ¾Ë·ÈÀ¸¸ç, Áö¿ø Á¾·áµÈ Á¦Ç°¿¡ ´ëÇÑ Æß¿þ¾î °³¹ßÀº ÀÌ·ïÁöÁö ¾Ê´Â´Ù´Â »ç½ÇÀ» °øÁöÇß´Ù.
ÇÑÆí, NIST(National Institute of Standards and Technology)´Â CVE-2024-10914 Ãë¾àÁ¡ÀÇ À§Çèµµ¸¦ CVSS ¹öÀü 4 ±âÁØ Ä¡¸íÀû(Critical)À¸·Î ºÐ·ùÇÏ¿´À¸¸ç, NIST¿Í D-LinkÀÇ ¹ßÇ¥ ³»¿ëÀº °¢ »çÀÌÆ®¿¡¼ È®ÀÎÇÒ ¼ö ÀÖ´Ù. |