#NASVulnerability

Critical bug in EoL D-Link NAS devices now exploited in attacks

by

November 13, 2024 at 01:37PM A critical vulnerability (CVE-2024-10914) in D-Link end-of-life NAS devices allows unauthenticated command injection via malicious HTTP requests. D-Link has ceased support and advises customers to retire affected models. Despite warnings, attackers have begun exploiting this flaw, targeting over 41,000 exposed devices on the internet. ### Meeting Takeaways 1. **Critical Vulnerability … Read more

Zyxel warns of multiple critical vulnerabilities in NAS devices

by

November 30, 2023 at 10:17AM Zyxel has patched critical security vulnerabilities in its NAS devices that risked unauthorized command execution and data compromise. Users of NAS326 and NAS542 models must update their firmware to versions V5.21(AAZF.15)C0 and V5.21(ABAG.12)C0 or later, respectively, as there are no alternative mitigations. **Takeaways from Meeting Notes:** 1. **Issue Identification:** Zyxel … Read more