 Critical bug in EoL D-Link NAS devices now exploited in attacks

Attackers are now targeting a critical-severity vulnerability that has publicly available exploit code and affects multiple models of end-of-life D-Link network-attached storage (NAS) devices.

Tracked as CVE-2024-10914, the command injection vulnerability was found by security researcher Netsecfish, who also shared exploitation details and said that unauthenticated attackers could exploit it to inject arbitrary shell commands by sending malicious HTTP GET requests to vulnerable NAS devices exposed online.

The attacks started after D-Link said on Friday that it wouldn't fix the security flaw because it only impacts end-of-life NAS models, warning customers to retire affected devices or upgrade them to newer products.

See more: https://www.bleepingcomputer.com/news/security/critical-bug-in-eol-d-link-nas-devices-now-exploited-in-attacks/

#cybersecurity #dlink #exploit
