D-link critical vulnerability advisory (#623)

Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com>

docs/advisories/20240410001-D-Link-Critical-Vulnerability.md

@@ -0,0 +1,29 @@
+# D-Link Critical Vulnerability - 20240410001
+
+## Overview
+
+The described vulnerability affects multiple D-Link NAS devices, including models DNS-340L, DNS-320L, DNS-327L, and DNS-325, among others. The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hardcoded credentials, and a command injection vulnerability via the system parameter. 
+
+This exploitation could lead to arbitrary command execution on the affected D-Link NAS devices, granting attackers potential access to sensitive information, system configuration alteration, or denial of service, by specifying a command,affecting over 92,000 devices on the Internet.
+
+## What is vulnerable?
+
+| CVE                                                             | Severity | CVSS | Product(s) Affected |
+| --------------------------------------------------------------- | -------- | ---- | ------------------- |
+| [CVE-2024-3273](https://nvd.nist.gov/vuln/detail/CVE-2024-3273) | N/A | Not yet rated  | **DNS-320L**, **DNS-325**, **DNS-327L** **and** **DNS-340L upto 20240403** |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [D-Link Security Announcement](https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383)
+
+## Additional References
+
+- [Github - dlink](https://github.com/netsecfish/dlink)
+- [VulDB](https://vuldb.com/?ctiid.259284)
+- [Tenable](https://www.tenable.com/cve/CVE-2024-3273)