November 19, 2024 at 01:03PM D-Link is advising customers to replace outdated VPN router models due to a serious, unpatched vulnerability that allows for unauthenticated remote code execution. This security flaw poses significant risks, and affected devices will not receive fixes. ### Meeting Takeaways: 1. **Security Alert from D-Link**: Customers are being advised about a … Read more
November 13, 2024 at 01:37PM A critical vulnerability (CVE-2024-10914) in D-Link end-of-life NAS devices allows unauthenticated command injection via malicious HTTP requests. D-Link has ceased support and advises customers to retire affected models. Despite warnings, attackers have begun exploiting this flaw, targeting over 41,000 exposed devices on the internet. ### Meeting Takeaways 1. **Critical Vulnerability … Read more
November 12, 2024 at 03:34PM D-Link routers, specifically the DSL6740C model, face critical vulnerabilities that allow remote attackers to take control, including password changes. D-Link will not address these issues, urging users to replace end-of-life devices. Several other high-severity vulnerabilities have also been identified, affecting around 60,000 exposed modems, primarily in Taiwan. ### Meeting Takeaways: … Read more
November 8, 2024 at 02:23PM Over 60,000 D-Link NAS devices are vulnerable to a critical command injection flaw (CVE-2024-10914). An attacker can exploit it via crafted HTTP GET requests. D-Link confirmed no fix will be provided and recommends retiring the affected devices or isolating them from the internet due to their end-of-life status. ### Meeting … Read more
August 8, 2024 at 08:35PM A BAE boffin discovered 3 critical flaws in Cisco’s Small Business SPA300 and SPA500 IP phones, none of which will be fixed. The flaws allow unauthenticated remote attackers to gain root privileges. Cisco won’t release updates as the products have entered the end-of-life process. No known exploits exist at this … Read more
June 5, 2024 at 04:03AM Zyxel has released security updates for two end-of-life network-attached storage devices to address critical flaws. The vulnerabilities could allow unauthenticated attackers to execute operating system commands and arbitrary code. Outpost24 security researcher Timothy Hjort discovered and reported the flaws. Users are urged to update to the latest version for optimal … Read more
June 4, 2024 at 01:35PM Zyxel Networks released an emergency security update addressing three critical vulnerabilities in older NAS devices reaching end-of-life. The flaws enable command injection, remote code execution, privilege escalation, and information disclosure. Outpost24 security researcher Timothy Hjort discovered and reported the vulnerabilities. Zyxel released fixes despite end-of-support, urging immediate application due to … Read more
April 11, 2024 at 12:52PM A 6-year-old vulnerability in Lighttpd web server used in Baseboard Management Controllers, overlooked by vendors like Intel and Lenovo, could lead to memory exfiltration, bypassing protection mechanisms. Binarly discovered a heap out-of-bounds read vulnerability and vendors missed the fix, leading to a massive number of vulnerable devices, with impacted models … Read more
April 8, 2024 at 06:23PM Attackers target over 92,000 unpatched end-of-life D-Link NAS devices with a critical remote code execution vulnerability. Exploiting a hardcoded account and command injection flaw, threat actors deploy a Mirai malware variant to create botnets for large-scale DDoS attacks. D-Link has ceased support for these devices, advising owners to retire or … Read more
February 1, 2024 at 04:06AM The US government conducted a major takedown of a botnet using end-of-life Cisco and Netgear routers that were exploited by Chinese state-backed hackers. The botnet, linked to the Chinese APT Volt Typhoon, targeted various sectors, and the FBI remotely seized control of infected routers. The operation aimed to delete malware … Read more