CVE-2024-10916

5.3 MEDIUM

📋 TL;DR

This vulnerability allows remote attackers to access sensitive information through an unauthenticated HTTP GET request to /xml/info.xml on affected D-Link NAS devices. The information disclosure could reveal system details that might aid further attacks. All users of affected D-Link NAS models with firmware up to October 28, 2024 are vulnerable.

💻 Affected Systems

Products:
  • D-Link DNS-320
  • DNS-320LW
  • DNS-325
  • DNS-340L
Versions: All versions up to 20241028
Operating Systems: Embedded NAS firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable as the /xml/info.xml endpoint is accessible without authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain sensitive system information that could be used to plan targeted attacks, potentially leading to full system compromise through chained vulnerabilities.

🟠 Likely Case

Unauthenticated attackers access system information including version details, configuration data, and potentially credentials or other sensitive data exposed in the XML response.

🟢 If Mitigated

Information exposure limited to non-sensitive system details that don't enable further exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires only a simple HTTP GET request to the vulnerable endpoint. Public disclosure includes technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.dlink.com/

Restart Required: No

Instructions:

Check the D-Link website for firmware updates. If one is available, download the latest firmware and apply it through the web interface.

🔧 Temporary Workarounds

Block access to /xml/info.xml

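Platform: linux

Configure a firewall or web server to block access to the vulnerable endpoint. The rules below match the literal path string in the packet payload. The INPUT chain applies on the host that receives the traffic; on a gateway that forwards traffic to the NAS, use the FORWARD chain instead.

iptables -A INPUT -p tcp --dport 80 -m string --string "/xml/info.xml" --algo bm -j DROP
# String matching cannot see inside TLS, so this rule does not match encrypted HTTPS requests;
# restrict port 443 by source address as well (see "Restrict NAS access").
iptables -A INPUT -p tcp --dport 443 -m string --string "/xml/info.xml" --algo bm -j DROP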

Restrict NAS access

Platform: all

Limit NAS access to trusted networks only

Configure firewall rules to allow only specific IP ranges to access NAS management interface

🧯 If You Can't Patch

  • Remove affected devices from internet-facing networks immediately
  • Implement network segmentation to isolate NAS devices from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Send an HTTP GET request to http://[NAS_IP]/xml/info.xml and check whether sensitive information is returned.

Check Version:

Check firmware version in NAS web interface under System > Firmware

Verify Fix Applied:

After applying workarounds, verify the endpoint returns access denied or no sensitive data

📡 Detection & Monitoring

Log Indicators:

  • HTTP GET requests to /xml/info.xml from untrusted sources
  • Unusual access patterns to XML endpoints

Network Indicators:

  • HTTP traffic to NAS devices containing /xml/info.xml in URI
  • External IPs accessing NAS management interfaces

SIEM Query:

source="nas_logs" AND uri="/xml/info.xml" AND src_ip NOT IN (trusted_networks)
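
The same check applied to raw access logs, as an added example (not part of the original advisory or any D-Link tooling). It assumes a proxy or gateway in front of the NAS writes common/combined-format access logs; the trusted ranges and the sample log lines are constructed placeholders. Paths are normalised before comparison so that equivalent spellings of the endpoint are still flagged.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: management networks allowed to reach the NAS (placeholder ranges).
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.168.10.0/24", "10.0.5.0/24")]
TARGET_PATH = "/xml/info.xml"
# Assumption: common/combined access log format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(uri):
    """Drop the query string, percent-decode, collapse repeated slashes, lowercase."""
    path = unquote(uri.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()  # lowercasing is deliberately conservative

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparsable source is treated as untrusted
    return any(addr in net for net in TRUSTED_NETWORKS)

def find_hits(lines):
    """Return (src_ip, status, raw_uri) for untrusted requests to the endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalize_path(m["uri"]) == TARGET_PATH and not is_trusted(m["src"]):
            hits.append((m["src"], int(m["status"]), m["uri"]))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.168.10.20 - - [01/Nov/2024:10:00:01 +0000] "GET /xml/info.xml HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Nov/2024:10:02:13 +0000] "GET /xml/info.xml HTTP/1.1" 200 812',
    '198.51.100.4 - - [01/Nov/2024:10:03:40 +0000] "GET /xml/%69nfo.xml?x=1 HTTP/1.1" 200 812',
    '198.51.100.9 - - [01/Nov/2024:10:04:02 +0000] "GET //XML/info.xml HTTP/1.1" 403 0',
    '203.0.113.7 - - [01/Nov/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for src, status, uri in find_hits(SAMPLE_LOG):
        note = "data returned" if status == 200 else "blocked or failed"
        print(f"{src} requested {uri} -> {status} ({note})")
```

A 200 status on a hit means the endpoint answered and the response should be treated as disclosed; a 403 or similar shows the workaround is in effect.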
