Terramaster F4-424 Pro, F4-424 and F2-424 NAS for 2024

TerraMaster, arguably the value/affordable tier of the private NAS market, have revealed three new solutions that form the beginning of their 2024 series of devices – the Terramaster F4-424 Pro, F4-424 and F2-424 NAS. Arriving before their main competitors Synology, QNAP and Asustor, these new solutions are arriving with a more recent Intel N95 and N300 CPU series and will be available in 2-Bay and 4-Bay configurations.

Terramaster F4-424 Pro, F4-424 and F2-424 NAS – Hardware Specifications

At the core of the F2-424 and F4-424 models is the Intel Celeron N95 processor, a choice that balances power and efficiency. The F4-424 PRO, on the other hand, steps up the performance with the Intel Core i3 N300 processor, catering to more demanding tasks. Memory-wise, the F2-424 and F4-424 are equipped with 8 GB of DDR5 non-ECC SODIMM, while the F4-424 PRO doubles this capacity to 16 GB, enhancing its multitasking capabilities. Storage options vary across the models, with the F2-424 featuring two disk slots, suitable for personal or small office setups, and the F4-424 and F4-424 PRO offering four disk slots, providing more flexibility and capacity for intensive data storage needs.Here is a comparison table for the TerraMaster F2-424, F4-424, and F4-424 PRO NAS devices with the correct CPU specifications:

Feature/Specification	TerraMaster F2-424	TerraMaster F4-424	TerraMaster F4-424 PRO
Processor Model	Intel® Celeron N95	Intel® Celeron N95	Intel® Core i3 N300
Processor Architecture	X.86 64-bit	X.86 64-bit	X.86 64-bit
Processor Frequency	Max burst up to 3.4 GHz	Max burst up to 3.4 GHz	Max Turbo Frequency 3.80 GHz
Total Cores	4	4	8
Total Threads	4	4	8
System Memory	8 GB DDR5 non-ECC SODIMM	8 GB DDR5 non-ECC SODIMM	16 GB (Max, dependent on memory type)
Memory Slot Number	1 (DDR5 SODIMM)	1 (DDR5 SODIMM)	1
Maximum Supported Memory	32 GB DDR5 non-ECC SODIMM	32 GB DDR5 non-ECC SODIMM	16 GB
Disk Slot Number	2	4	4
Compatible Drive Types	3.5″ SATA HDD, 2.5″ SATA HDD/SSD	3.5″ SATA HDD, 2.5″ SATA HDD/SSD	3.5″ SATA HDD, 2.5″ SATA HDD/SSD
Maximum Internal Raw Storage Capacity	44 TB (22 TB x2)	88 TB (22 TB x4)	88 TB (22 TB x4)
Drive Hot Swap	Yes	Yes	Yes
External Ports	2 RJ-45 2.5GbE, 2 USB3.1, HDMI	2 RJ-45 2.5GbE, 2 USB3.1, HDMI	2 RJ-45 2.5GbE, 2 USB3.1, HDMI
Dimensions (HWD)	222 x 119 x 154 mm	222 x 179 x 154 mm	222 x 179 x 154 mm
Weight	2.2 kg	3.4 kg	3.4 kg
System Fan	80 x 80 x 25 mm	80 x 80 x 25 mm	120 x 120 x 25 mm
Noise Level	19.0 dB(A)	19.0 dB(A)	21.0 dB(A)
Power Supply	40 W	40 W	90 W
Power Consumption	22.0 W (active), 11.0 W (hibernation)	22.0 W (active), 11.0 W (hibernation)	33.0 W (active), 13.0 W (hibernation)
Operating Temperature	0°C to 40°C	0°C to 40°C	0°C to 40°C
Supported OS	Windows, Mac, Linux	Windows, Mac, Linux	Windows, Mac, Linux
Supported Browsers	Chrome, Firefox, Safari, Edge	Chrome, Firefox, Safari, Edge	Chrome, Firefox, Safari, Edge
Supported Mobile OS	iOS14.0+, Android 10.0+	iOS14.0+, Android 10.0+	iOS14.0+, Android 10.0+
Networking	TCP/IP, IPv4/IPv6, Link Aggregation, DLNA, VPN, DDNS	TCP/IP, IPv4/IPv6, Link Aggregation, DLNA, VPN, DDNS	TCP/IP, IPv4/IPv6, Link Aggregation, DLNA, VPN, DDNS
Security Features	Firewall, AES Encryption, RSA 2048	Firewall, AES Encryption, RSA 2048	Firewall, AES Encryption, RSA 2048
Price (Approximate)	$379	$499	$699

This table provides a detailed comparison across key features and specifications for these TerraMaster NAS models. A common thread among these TerraMaster NAS units is their robust build and reliable performance. Each model supports both 3.5″ SATA HDDs and 2.5″ SATA SSDs, ensuring versatility in storage media choices. Networking is a strong suit, with all models featuring 2.5GbE network jacks for faster data transfer speeds, and HDMI ports for direct video output. Compatibility with various operating systems including Windows, Mac, and Linux, alongside comprehensive security features like firewall protection and AES encryption, underscores their flexibility and security focus.

When assessing these models for purchase, potential buyers should consider their specific needs. The number of disk slots is a critical factor, with the F2-424’s two slots being ideal for less demanding storage requirements, while the four slots in the F4-424 and F4-424 PRO are better suited for larger storage pools and more intensive applications. The F4-424 PRO, with its superior Intel Core i3 N300 processor and expanded memory, is particularly geared towards business environments that require higher processing power and greater multitasking abilities.

Terramaster F4-424 Pro, F4-424 and F2-424 NAS – CPU Differences

The choice of CPU significantly influences the performance of these NAS units. The Intel Celeron N95, powering the F2-424 and F4-424, is a quad-core processor with a maximum turbo frequency of 3.4 GHz and a 6 MB cache, capable of efficiently handling everyday storage tasks. It supports both DDR4 and DDR5 memory types, up to a speed of 4800 MHz, and can manage 4K graphics output at 60Hz, making it suitable for media-heavy applications. The Intel Core i3 N300 in the F4-424 PRO is an 8-core powerhouse, offering a higher turbo frequency of 3.8 GHz, which translates into faster processing and more efficient handling of data-intensive tasks. This processor also supports the same memory types and speeds as the N95 but stands out with enhanced graphics capabilities, owing to a greater number of execution units and a higher maximum dynamic frequency.

Specification	Intel N95 CPU (F2-424 / F4-442)	Intel N300 CPU (F4-424 PRO)
Product Collection	Intel® Processor N-series	Intel® Core i3 Processor N-series
Code Name	Products formerly Alder Lake-N	Products formerly Alder Lake-N
Vertical Segment	Mobile	Mobile
Processor Number	N95	i3-N300
Lithography	Intel 7	Intel 7
Total Cores	4	8
Total Threads	4	8
Max Turbo Frequency	3.40 GHz	3.80 GHz
Cache	6 MB	6 MB Intel® Smart Cache
TDP	15 W	7 W
Max Memory Size	16 GB (dependent on memory type)	16 GB (dependent on memory type)
Memory Types	DDR4 3200 MT/s, DDR5 4800 MT/s, LPDDR5 4800 MT/s	DDR4 3200 MT/s, DDR5 4800 MT/s, LPDDR5 4800 MT/s
Max Memory Channels	1	1
ECC Memory Supported	No	No
GPU Name	Intel® UHD Graphics	Intel® UHD Graphics
Max Dynamic Frequency	1.20 GHz	1.25 GHz
Graphics Output	eDP 1.4b, DP 1.4, HDMI 2.1, MIPI-DSI 1.3	eDP 1.4b, DP 1.4, HDMI 2.1, MIPI-DSI 1.3
Execution Units	16	32
4K Support	Yes, at 60Hz	Yes, at 60Hz
Max Resolution (HDMI)	4096 x 2160@60Hz	4096 x 2160@60Hz
DirectX Support*	12.1	12.1
OpenGL Support*	4.6	4.6
OpenCL Support*	3.0	3.0
# of Displays Supported	3	3
PCI Express Lanes	9 Gen 3	9 Gen 3
USB Revision	2.0/3.2	2.0/3.2
TJUNCTION	105°C	105°C
Instruction Set	64-bit	64-bit
Advanced Technologies	Includes Intel® Gaussian & Neural Accelerator 3.0, Intel® Image Processing Unit 6.0, Intel® Speed Shift Technology, Intel® Virtualization Technology, etc.	Includes Intel® Gaussian & Neural Accelerator 3.0, Intel® Image Processing Unit 6.0, Intel® Speed Shift Technology, Intel® Virtualization Technology, etc.

Delving deeper into the usability aspects, all three models boast a user-friendly interface, making them accessible even to NAS novices. Their compatibility with various RAID configurations offers flexibility in data management and redundancy, crucial for data integrity and security. The inclusion of HDMI ports opens up possibilities for direct media playback, a feature that is particularly beneficial in home entertainment setups or digital signage applications. The TerraMaster NAS units also excel in connectivity options, with multiple USB and Ethernet ports providing the versatility needed in modern connected environments. This connectivity, coupled with their compact and sleek design, makes these NAS devices a fit for various settings, from home offices to more formal business environments.

Terramaster F4-424 Pro, F4-424 and F2-424 NAS – Should You Buy?

The TerraMaster’s F2-424, F4-424, and F4-424 PRO NAS units cater to a wide range of storage needs. The F2-424 and F4-424, with the Intel Celeron N95, are excellent choices for general home use and small offices, offering reliable performance for standard storage and media tasks. The F4-424 PRO, powered by the Intel Core i3 N300, is a step up, designed to meet the demands of business environments and power users who require enhanced processing power and expanded memory. This range from TerraMaster highlights a commitment to providing versatile, scalable storage solutions across different user needs and budget ranges, making them a noteworthy option in the NAS market.

SUBSCRIBE TO OUR NEWSLETTER
[contact-form-7]
Join Inner Circle

This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

Need Advice on Data Storage from an Expert?

Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] TRY CHAT Terms and Conditions   Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.

WE LOVE COFFEE

 

Windows still includes some legacy protocols that pose significant security risks. This applies to SMBv1/CIFS, which Microsoft is gradually phasing out. While it is still present in new Windows versions, it is disabled by default. The audit feature can detect SMBv1 requests and assess whether the protocol is still required.

Azure Functions often require access to sensitive information. It is a security risk to store credentials in code or configuration files. Thus, protecting sensitive information like connection strings, API keys, or passwords is crucial. This is where Azure Key Vault comes in, offering secure and centralized storage for all your secrets. In this article, I will explain how to retrieve secrets from the Key Vault within an Azure Function using PowerShell.

Managed identities provide secure authentication for resources accessing other resources in Azure without requiring sensitive information such as secrets, credentials, and certificates to be handled. Microsoft Entra ID manages these identities, enabling applications to obtain tokens for authentication. In this post, I will provide an example that illustrates how to use system and user-assigned managed identities with PowerShell.

Security Onion is an open-source platform for threat hunting, security monitoring, and log management. It aggregates free tools such as Kibana, Elastic Fleet, InfluxDB, CyberChef, and Suricata. The solution provides access to these tools via a web console. I'll demonstrate how it can be used for analyzing Windows logs.

Usually, you want to secure your Windows account with a strong password or other authentication methods. However, there may be situations where you want to set up a Windows computer to log in automatically without requiring a password. If only one user operates a PC and the computer is physically protected from unauthorized access, you can afford the convenience of bypassing password login. Although Microsoft has reduced the auto-login options, enabling autologon in Windows 10/11 is still feasible.

If you are using an OPNsense firewall, you can configure WireGuard as a VPN server instead of OpenVPN. There are clients available for all major operating systems. Additionally, it is very fast and lightweight. You can easily install it as an OPNsense extension and configure it through the web console.

Sudo for Windows has been available since Build 26052 and is currently only accessible through the Windows Insiders program as part of preview builds for Windows 11. At this time, it appears that sudo will not come to Windows Server 2025. In this article, I explain how to use sudo in Windows 11 and compare Sudo for Windows with Runas, Gsudo, and Sudo for Linux.

SigCheck, part of the SysInternals suite, is a command-line utility offering security features such as verifying the digital file signature and calculating file hashes using multiple hashing algorithms.

OpenSSL is an open-source library and a command-line tool that helps admins and developers perform various cryptographic tasks, such as generating key pairs, certificate signing requests (CSR), verifying certificates, encrypting and decrypting data, identifying certificate information, verifying file integrity and much more. In this post, you will learn how to convert TLS certificates into different formats with OpenSSL.

Microsoft is known to regularly use its platform to push its software and cloud services onto users. They often provide only little value but tend to bloat the system or siphon off data. The latter applies to a number of Edge browser features. They are active by default but can be disabled via GPO.

Smart App Control on Windows 11 is a security feature that protects you from new threats by blocking malicious or untrusted apps. You may also use the feature to block any app you do not want. If you are wondering how to enable or disable Smart App Control in Windows 11, this article is for you.

How Do I Enable Smart App Control?

1. Open the Settings application by pressing the Windows + I keys.

2. Click Privacy & Security on the left and Windows Security on the right pane.

3. Click App & browser control.

4. Click the Smart App Control settings option.

5. Click On.

How Do I Disable Smart App Control?

1. Open the Settings application by pressing the Windows + I keys.

2. Click Privacy & Security on the left and Windows Security on the right pane.

3. Click App & browser control.

4. Click the Smart App Control settings option.

5. Click Off.

How Does Smart App Control Function?

Microsoft has an intelligent cloud-powered security service that predicts how safe applications are. When you enable Smart App Control, it consults this service anytime an application is run to determine its safety.

Smart App Control will automatically block the application once it is predicted to be unsafe or harmful.

Also, whenever the intelligent cloud-powered security service cannot predict an app’s safety, Smart App Control consults to see if the app has a valid signature and only allows it to run if the signature can be authenticated.

Why is Smart App Control Off by Default?

If you do not have a clean install of Windows 11, it is normal for Smart App Control to be disabled by default.

If this is the case, you must note that the only way to turn it on will be by clean installing your computer. This is because Microsoft needs to ensure that no untrusted apps are installed on the computer before using Smart App Control.

Get the Best Out of Smart App Control

In this guide, we have explored other important concepts related to Smart App Control, including how it operates, in addition to how to enable or disable It in Windows 11.

Will you feel safe using a computer without Smart App Control? Please let us know in the comment section below.

FAQs

The post Enable or Disable Smart App Control in Windows 11: Top Ways appeared first on Next of Windows.

Adding a PIN to a TPM protector helps safeguard BitLocker against known attacks. However, this additional security comes with a trade-off. It reduces the user's convenience, and they risk forgetting the PIN and consequently locking themselves out. In such cases, only the recovery key can unlock the drive.

A severe vulnerability (CVE-2024-3094) has been discovered in XZ Utils (5.6.0 or 5.6.1), a commonly used compression format. The vulnerability allows attackers to gain root access through SSH. XZ Utils is used in many Linux distributions; it is also available for Windows and has been incorporated into many other programs. Attackers can install programs, manipulate data, or create new accounts with full root privileges. While there are no reports of exploits in the wild, the potential impact is profound, and most Linux distributions have issued warnings. In this post, you will learn how to determine if your systems are affected and what to do if they are.

Ansible Vault allows you to encrypt sensitive data such as passwords, keys, and other secrets rather than storing them as plaintext in your playbooks or roles. In this tutorial, I will explain how to use Ansible Vault to encrypt and decrypt data during playbook runtime.

Microsoft PC Manager is a new Microsoft tool that helps improve Windows performance with features such as disk cleanup and startup program management. Additionally, it integrates with Microsoft Defender to provide security insights, ensuring that users have a comprehensive tool for both system optimization and protection.

Terramaster NAS Release TOS 6 in Beta

The release of Terramaster TOS 6 Beta for NAS devices marks a significant milestone in the evolution of NAS operating systems, with an array of new features and comprehensive improvements designed to enhance user experience, system performance, and security. This sixth iteration introduces a radically redesigned user interface and integrates more than 40 new functionalities while refining over 370 aspects, ensuring a top-tier upgrade for TNAS users.

Expanded Key Features and Improvements in TOS 6

• Linux Kernel 6.1 LTS Upgrade: Transitioning to the latest Linux kernel version, TOS 6 benefits from improved scheduling algorithms, enhanced memory management, superior file system support, optimized network performance, advanced security features, and better power management. This upgrade facilitates a more robust and efficient system, capable of handling the demands of both home and enterprise environments with ease.

• Revolutionized Docker Manager 2.0.16: This release introduces Docker Compose project management, adding a new dimension to container orchestration on TNAS devices. The addition of a container terminal and system notifications for Docker image operations streamlines container management. These enhancements, combined with UI and functionality optimizations, cater to developers and IT professionals seeking a versatile platform for containerized applications.

• File Manager Overhaul: With user feedback and industry best practices in mind, the File Manager has been retooled to offer an intuitive, efficient file navigation and management experience. Features such as enhanced directory navigation, column display mode for deep folder hierarchy exploration, tabbed browsing, adjustable thumbnail sizes, and a suite of new file operation tools significantly elevate user productivity.

• Online Disk Wiping: This new utility offers a straightforward solution for securely erasing all data from disks directly within the TOS interface, facilitating easy preparation of drives for repurposing or disposal without the need for external tools.
• Cloud Drive Mounting: Seamlessly integrate cloud storage services such as Google Drive, Dropbox, and more directly into TNAS. This feature enhances the flexibility of data access and management, allowing for efficient data synchronization and sharing between local and cloud storage.

• Security and Privacy Control (SPC): Introducing a robust security framework designed to prevent unauthorized execution of programs on TNAS devices. SPC enhances the overall security posture by ensuring only vetted and authorized applications can run, significantly reducing the risk of malware and ransomware infections.

• SMB Multichannel Support: By enabling multiple network connections for SMB file sharing, TOS 6 ensures higher data transfer speeds, improved reliability, and enhanced redundancy. This feature is particularly beneficial in multi-user environments where network performance directly impacts productivity.
• Direct Data Drive Mounting: Offering unparalleled convenience, this feature allows users to access data on external drives without the need for disk reformatting or repartitioning, preserving existing data while extending the storage capabilities of TNAS devices.
• Storage Pool Migration: Streamlines the process of migrating storage pools between TNAS devices, aiding users in hardware upgrades or replacements without the hassle of data migration or system reconfiguration.
• Advanced ACL Permissions: Delivers granular access control with 13 additional customizable permissions on top of the standard read, write, and deny options. This advanced permission management system enables precise control over data access, ensuring data security and compliance.

TOS 6 Beta System Enhancements

TOS 6 introduces a slew of system-wide enhancements aimed at delivering a more stable, secure, and user-friendly NAS operating environment:

• Performance and Stability: With the new Linux kernel and system optimizations, TOS 6 offers improved system stability and performance, ensuring that TNAS devices can handle intensive tasks and larger volumes of data more efficiently.
• Hardware and Innovation Support: Prepared for the future, TOS 6 includes support for the latest hardware innovations, such as Intel’s “Meteor Lake” chips, and introduces new data structures and error decoding capabilities for enhanced data processing and system reliability.
• Enhanced Security Measures: Building upon TerraMaster’s commitment to security, new features like customizable HTTPS certificates, optimized firewall rule settings, and the innovative SPC module significantly enhance the protection of user data against external threats.
• User Interface and Usability Improvements: From a streamlined desktop design and simplified navigation to a new “Start” menu and customizable user avatars, TOS 6 focuses on creating a more engaging and personalized user experience.
• Comprehensive Application and Service Enhancements: The update enriches the application ecosystem with new functionalities, improved file services, and advanced storage features, catering to a wide range of user needs from media indexing and scheduled task notifications to cross-platform data interoperability and USB storage device health management.

Through these extensive features and improvements, TOS 6 Beta not only advances the capabilities of TNAS devices but also sets a new standard for NAS operating systems, offering a sophisticated platform for storage, management, and security that meets the evolving needs of both individual and enterprise users.

How To Access the TOS 6 Beta – Update Instructions

Applicable models:
F2-221, F2-223, F2-422, F2-423, F2-424
F4-221, F4-223, F4-421, F4-422, F4-423, F4-424, F4-424 Pro, U4-111, U4-423
F5-221, F5-421, F5-422
T6-423
F8-421, F8-422, U8-111, U8-420, U8-423, U8-450, U8-322-9100, U8-522-9400, U8-722-2224
T9-423, T9-450
T12-423, T12-450, U12-423, U12-322-9100, U12-722-2224
U16-322-9100, U16-722-2224, U16-722-2288
U24-612, U24-722-2224

Applicable TOS Versions:
TOS 5.1.123 or later versions; if your device does not meet the update requirements, please do not update! Otherwise, system crashes may occur.

Precautions:
1. The Beta version is an early version of the program, containing most major functions but not yet completed, and may have some defects. This version is only released to specific groups or the general public for testing and feedback collection; the Beta version should not be used in work or production environments. If your TNAS device is running business operations or storing important data, please refrain from participating in this test.
2. Updating the system theoretically will not affect the data on your hard drive, but for safety reasons, please be sure to back up your data in advance.
3. After the update, if applications such as Plex, Emby, Aria2, etc., need to access new shared folders, you will need to reconfigure application user permissions.
4. Previously created firewall rules will be cleared, and you will need to create new firewall rules after the update.
5. If you are using port 5444, you will need to modify this port before updating.
6. After the update, TNAS will exit the domain, and you will need to rejoin the domain and refresh domain users.
7. After the update, if your encrypted shared file key contains special characters, you can only mount it by entering the key.
8. System configuration backups from TOS 5 cannot be restored to TOS 6.
9. Hyper Cache created before the update will become invalid after the update; it is recommended to uninstall Hyper Cache before updating.
10. Docker Manager versions 1.1.99 or earlier cannot run on TOS 6; please update Docker Manager before updating the system.

How to Update to TOS 6 Beta on Your Terramaster NAS?

1. Download the TOS 6 Beta update package: TOS 6 (md5:821b697ddb27dbc9c95ce2be398c791b)
2. Go to TOS > Control Panel > General Settings > System;
3. Under “Manual Update”, upload the update package;
4. Click “Apply”;
5. After the system update is complete, you will need to refresh your browser;
6. Your TNAS IP address may change after the system update. If you are unable to connect to your TNAS using the previous IP address, please use the TNAS PC client to search for the new IP address again.

Other Software Downloads:
TNAS PC for Windows OS: https://tos-downloads.oss-cn-hongkong.a … .1.352.exe
TNAS PC for macOS: https://download2.terra-master.com/TNAS … versal.dmg
TNAS Mobile for Android:https://download2.terra-master.com/TNAS … 3.2.31.apk
TNAS Mobile for iOS: Download from the iOS App Store. SUBSCRIBE TO OUR NEWSLETTER
[contact-form-7]
Join Inner Circle

This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

Need Advice on Data Storage from an Expert?

Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] TRY CHAT Terms and Conditions   Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.

WE LOVE COFFEE

 

Severe D-Link Security Vulnerability Discovered – CVE-2024-3273 and CVE-2024-3274 Hard-Coded Credential Backdoor

The cybersecurity landscape has been significantly impacted by the discovery of two vulnerabilities in D-Link NAS devices, designated as CVE-2024-3273 and CVE-2024-3274. These vulnerabilities affect multiple (approx 92,000 internet facing devices, the bulk of which are UK based) D-Link NAS models that are no longer supported by the manufacturer due to their end-of-life (EOL) status. This detailed analysis aims to unpack the complexities of these vulnerabilities, their operational implications, and the necessary user responses.

Impact and Affected D-Link NAS Model:

The confirmed list of affected D-Link NAS models includes:

Model	Region	Hardware Revision	End of Service Life	Fixed Firmware	Conclusion	Last Updated
DNS-320L	All Regions	All H/W Revisions	05/31/2020	Not Available	Retire & Replace Device	04/01/2024
DNS-325	All Regions	All H/W Revisions	09/01/2017	Not Available	Retire & Replace Device	04/01/2024
DNS-327L	All Regions	All H/W Revisions	05/31/2020	Not Available	Retire & Replace Device	04/01/2024
DNS-340L	All Regions	All H/W Revisions	07/31/2019	Not Available	Retire & Replace Device	04/01/2024

These devices, pivotal in small office/home office (SOHO) environments for data storage and management, are now susceptible to remote attacks that could compromise sensitive data integrity, availability, and confidentiality.

CVE-2024-3273: Command Injection Vulnerability Explained

CVE-2024-3273 exposes a command injection flaw within the web interface of affected D-Link NAS devices. The vulnerability is located in the handling of the system parameter within the nas_sharing.cgi script, which improperly sanitizes user-supplied input. This oversight allows authenticated remote attackers to inject and execute arbitrary shell commands encoded in base64. The execution context of these commands is particularly concerning, as it typically runs under the web server’s privileges, potentially leading to unauthorized access to the system, modification of system settings, or initiation of a denial of service (DoS) attack.

Technical Dive into CVE-2024-3274: Hardcoded Credentials

CVE-2024-3274 reveals a hardcoded credential vulnerability, manifesting as a backdoor account (messagebus) embedded within the device firmware. This account, notably lacking a password, permits unauthenticated remote access to the device’s administrative interface. The presence of such hardcoded credentials significantly lowers the complexity of unauthorized device access, making it a critical vulnerability. This backdoor could be exploited in tandem with CVE-2024-3273 to elevate privileges or gain persistent access to the compromised device.

Who Found the D-Link Vulnerability?

The vulnerabilities were disclosed by a security researcher operating under the pseudonym “netsecfish,” who provided detailed technical insights and proof-of-concept (PoC) code. This disclosure highlighted the risk of widespread exploitation, given the estimated 92,000 devices exposed online across various regions, including the UK, Thailand, Italy, and Germany. The timing of the disclosure, subsequent to the affected models reaching their EOL, exacerbated concerns around feasible mitigation strategies.

You can find the full and very detailed outlining of the Vulnerability and Potential attack vector HERE on Netsecfish’s github listing

Mitigation Strategies for Users Who Are Still Using A D-LInk NAS

In light of D-Link’s stance on not providing firmware updates for EOL products, affected users are faced with limited mitigation options. The primary recommendation is the retirement and replacement of vulnerable devices. Interim measures, for those unable to immediately replace their devices, include isolating the NAS devices from the internet, implementing strict network segmentation, and employing firewall rules to restrict access to the management interface. Additionally, monitoring for unusual network activity can provide early detection of exploitation attempts.

D-Link Official Response

D-Link has acknowledged the vulnerabilities but emphasized the EOL status of the affected models, which precludes official firmware updates or patches. The company has issued advisories urging users to replace outdated devices with supported models. This situation underscores the importance of adhering to device lifecycle policies and maintaining an updated infrastructure to mitigate security risks.

You can see the full official D-Link Response HERE

At the time of writing, there is no mention of this on their social media pages. Hopefully this changes, as the potential 82,000 internet facing units in the wild need to be addressed.

Exploitation in the Wild of the hard-code credential D-Link Vulnerability

GreyNoise, a cybersecurity firm specializing in analyzing internet-wide scan traffic to identify threats, has provided valuable insights into the exploitation attempts of the D-Link NAS vulnerabilities. According to their analysis, a significant uptick in scan activity targeting the specific vulnerabilities CVE-2024-3273 and CVE-2024-3274 was observed shortly after their disclosure. This activity suggests that attackers are actively seeking out vulnerable D-Link NAS devices for exploitation. GreyNoise’s findings indicate that the exploitation attempts are not isolated incidents but part of a broader effort by malicious actors to identify and compromise affected devices. The data collected by GreyNoise highlights the real-world implications of these vulnerabilities and serves as a critical alert for organizations and individuals to take immediate protective actions against potential unauthorized access and exploitation of their D-Link NAS devices.

You can learn more about this on Greynoise’s official page on this matter HERE

The D-Link NAS Series is Still For Sale (Technically)

Despite the end-of-life status and known vulnerabilities of D-Link NAS models DNS-340L, DNS-320L, DNS-327L, and DNS-325, these devices continue to find a marketplace on platforms such as eBay and other online resale venues. This ongoing sale of used units poses a significant cybersecurity risk, as many sellers and buyers may not be fully aware of the devices’ vulnerability to exploits. Alarmingly, at the time of writing, it is reported that over 80,000 of these units remain actively internet-facing, directly exposing them to potential exploitation by attackers leveraging the CVE-2024-3273 and CVE-2024-3274 vulnerabilities. The persistence of these devices in active operational environments underscores the critical need for heightened awareness and proactive measures among current users. Potential buyers should be cautioned against acquiring these models, and existing users are strongly advised to consider secure alternatives that receive current manufacturer support and updates, mitigating the risk of compromise.

I own a Synology/QNAP NAS, Should I Care? How to Automatically Get Updated When Synology and QNAP NAS Vulnerabilities are Reported

Pretty much ALL of the brands in NAS, Data Storage and Cloud services have these security advisory pages, but the idea of checking these pages manually (i.e. bookmark etc) every day, week or month is too much of a hassle for many. On the other hand, they all arrive with an RSS feed link that allows users to subscribe to updates BUT many users are not even aware of how to apply an RSS feed (it’s a complex XML feed of text that needs to be injected into an appropriate RSS feed client/agent – so yeah, hardly noob friendly). So, in order to make this 1000x easier, I have (and by me, I mean Eddie the Web Guy spent time on it and I made this article!) made this page that will be constantly updated with the latest vulnerabilities reported on the popular NAS brands and storage-related manufacturers. It is still being built (so more brands are being added) but it will allow you to just chuck your email address below (will not be used for profit or spamming etc) and then you will get an alter EVERY TIME a new security vulnerability is updated by the brands (this is automated, so it will appear here as soon as it appears on the respective security advisory page). Additionally, there will be links back to the brand/manufacturer site so you can find out more about individual exploits and vulnerabilities, how they work, what they do and (most importantly) give you a better idea of whether you should update your NAS/Storage system or not. I hope you find it helpful and if you have any recommendations or idea of what we should add to this page/service to make it even better – let us know in the comments or directing here – https://nascompares.com/contact-us

Sign Up Below to Get Updates as New Vulnerabilities Are Reported

Find an updated vulnerability list here:

Comprehensive User Recommendations

Beyond immediate mitigation, users should consider several best practices for network device security:

• Conduct regular security audits of network devices.
• Update all devices to the latest firmware versions where possible.
• Employ network firewalls and intrusion detection systems to monitor and control inbound and outbound traffic.
• Practice the principle of least privilege by restricting device access to necessary personnel.

Conclusion

The vulnerabilities identified as CVE-2024-3273 and CVE-2024-3274 in D-Link NAS devices present significant security challenges. The absence of official firmware updates for these EOL products necessitates proactive user measures to mitigate risks. This analysis serves as a call to action for users to evaluate their network security posture critically, implement robust security measures, and ensure that all network-attached storage devices operate within their supported lifecycle.

SUBSCRIBE TO OUR NEWSLETTER
[contact-form-7]
Join Inner Circle

This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

Need Advice on Data Storage from an Expert?

Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] TRY CHAT Terms and Conditions   Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.

WE LOVE COFFEE

 

Google is rolling out a new Workspace feature that requires multiple admins to approve high-risk setting changes to prevent unauthorized or accidental modifications that could reduce security. [...]