#CVE202410914

Critical bug in EoL D-Link NAS devices now exploited in attacks

by

November 13, 2024 at 01:37PM A critical vulnerability (CVE-2024-10914) in D-Link end-of-life NAS devices allows unauthenticated command injection via malicious HTTP requests. D-Link has ceased support and advises customers to retire affected models. Despite warnings, attackers have begun exploiting this flaw, targeting over 41,000 exposed devices on the internet. ### Meeting Takeaways 1. **Critical Vulnerability … Read more

D-Link won’t fix critical flaw affecting 60,000 older NAS devices

by

November 8, 2024 at 02:23PM Over 60,000 D-Link NAS devices are vulnerable to a critical command injection flaw (CVE-2024-10914). An attacker can exploit it via crafted HTTP GET requests. D-Link confirmed no fix will be provided and recommends retiring the affected devices or isolating them from the internet due to their end-of-life status. ### Meeting … Read more