Published: April 9, 2024


A command injection vulnerability and a backdoor account have been discovered in D-Link NAS devices DNS-340L, DNS-320L, DNS-327L, and DNS-325, among others. Attackers are able to compromise a large number of devices that are in need of immediate attention. 


Attackers will be able to get unauthorized access to devices without proper authentication due to the presence of the backdoor. The attacker will also be able to execute arbitrary commands on the system. 

Applicable Versions

Affected VersionsNot Affected Versions
DNS-320L Version 1.11, Version 1.03.0904.2013, Version 1.01.0702.2013 

DNS-325 Version 1.01 

DNS-327L Version 1.09, Version 1.00.0409.2013 

DNS-340L Version 1.08 
These products have reached EOL/EOS and you must contact D-Link support. 

Mitigations and Workarounds

Since the DNS-320L, DNS-325, DNS 327L and DNS-340 have reached end of life and end of support, you must contact D-Link support to get a solution. 

Best Practices

Install security updates for all the devices in the network. Upgrade or replace the systems before end of support. 

Netsurion Detection and Response

Netsurion’s vulnerability management system is working with the vendors to update the vulnerability scanners to detect for customers who have subscribed to Netsurion Vulnerability Management.