November 12, 2024 at 03:34PM D-Link routers, specifically the DSL6740C model, face critical vulnerabilities that allow remote attackers to take control, including password changes. D-Link will not address these issues, urging users to replace end-of-life devices. Several other high-severity vulnerabilities have also been identified, affecting around 60,000 exposed modems, primarily in Taiwan. ### Meeting Takeaways: … Read more
November 8, 2024 at 02:23PM Over 60,000 D-Link NAS devices are vulnerable to a critical command injection flaw (CVE-2024-10914). An attacker can exploit it via crafted HTTP GET requests. D-Link confirmed no fix will be provided and recommends retiring the affected devices or isolating them from the internet due to their end-of-life status. ### Meeting … Read more
June 29, 2024 at 11:24AM Hackers are exploiting a critical vulnerability (CVE-2024-0769) in D-Link DIR-859 WiFi routers to access sensitive data, including account information and passwords. Despite the router being end-of-life, D-Link has released a security advisory warning about the flaw in the “fatlady.php” file. This issue poses a significant security risk, and users are … Read more
April 12, 2024 at 07:36AM The recently disclosed D-Link NAS device vulnerabilities, assigned 2 identifiers, are being exploited, prompting D-Link to urge customers to replace affected devices. Exploitation attempts increased to 140 unique IPs, and Shadowserver Foundation reported seeing over 150 IPs attempting to exploit the vulnerabilities. GreyNoise reported roughly 5,500 impacted devices, while Shadowserver … Read more
April 9, 2024 at 06:06AM An unpatched vulnerability affecting D-Link NAS devices (CVE-2024-3273) is being exploited in the wild. The vulnerability allows unauthenticated attackers to execute arbitrary commands, potentially leading to information theft or system configuration alteration. D-Link confirmed affected models, with exploitation attempts already observed. CISA is aware of 16 D-Link product vulnerabilities exploited … Read more
April 9, 2024 at 02:15AM Security flaws in legacy D-Link NAS devices are being exploited by threat actors, impacting over 92,000 internet-exposed devices. The vulnerabilities allow arbitrary command execution, potentially leading to unauthorized access and denial-of-service conditions. No patches are expected, and users are advised to replace affected devices or firewall remote access. Attackers are … Read more