Oddbean

D-Link won’t fix critical bug in 60,000 exposed EoL modems Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that allows an unauthenticated remote attacker to change any user's password and take complete control of the device. The vulnerability was discovered in the D-Link DSL6740C modem by security researcher Chaio-Lin Yu (Steven Meow), who reported it to Taiwan’s computer and response center (TWCERTCC). It is worth noting that the device was not available in the U.S. and reached end-of-service (EoS) phase at the beginning of the year. See more: https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/ #cybersecurity #dlink nostr:nevent1qqsdepw3x9z978x4smw0ell7l574h4qcdd6u4ape287kkmtcavn67zspzpmhxue69uhkummnw3ezumt0d5hsygqkl5n0qqz57es4r34a0yj7mm6ptpss8tce63zlj0mx7h3ykdzz0gpsgqqqqqqs7x8rk2

Critical bug in EoL D-Link NAS devices now exploited in attacks Attackers now target a critical severity vulnerability with publicly available exploit code that affects multiple models of end-of-life D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-10914, the command injection vulnerability was found by security researcher Netsecfish, who also shared exploitation details and said that unauthenticated attackers could exploit it to inject arbitrary shell commands by sending malicious HTTP GET requests to vulnerable NAS devices exposed online. The attacks started after D-Link said on Friday that it wouldn't fix the security flaw because it only impacts end-of-life NAS models, warning customers to retire affected devices or upgrade them to newer products. See more: https://www.bleepingcomputer.com/news/security/critical-bug-in-eol-d-link-nas-devices-now-exploited-in-attacks/ #cybersecurity #dlink #exploit nostr:nevent1qqsqztcvy0tvdkkhxn62ytlca2e2z0thu4dnl479l89cndhj0hrrznsppemhxue69uhkummn9ekx7mp0qgspdlfx7qq9fanp28rt67f9ahh5zkrpqwh3n4z9lylkda0zfv6yy7srqsqqqqqpr3c9zt