D-Link says it won’t fix a serious security flaw affecting 60,000 older NAS devices

Estimated read time 2 min read




  • A critical vulnerability has been found in multiple D-Link models
  • Since the devices have reached end-of-life status, they won’t be patched
  • Mitigations are available, although users are advised to replace the devices

D-Link says it won’t fix a critical vulnerability plaguing tens of thousands of network-attached storage (NAS) devices because they have reached their end of life.

Recently, a vulnerability with a 9.2 severity score (critical) was found in multiple models of D-Link NAS devices. Tracked as CVE-2024-10914 it was described as a command injection exploit that allows threat actors to inject arbitrary shell commands. By sending a specially crafted HTTP GET request to the device, the crooks could cause significant system compromise, remotely.



Source link

You May Also Like

More From Author

+ There are no comments

Add yours