Summary:
- Unpatched Vulnerability: D-Link confirmed it will not issue a fix for a critical flaw (CVE-2024-10914) affecting over 60,000 older NAS devices used by small businesses.
- Flaw Details: The flaw allows unauthenticated attackers to execute arbitrary commands through unsanitized HTTP requests, posing significant security risks.
- Affected Models: The flaw impacts multiple D-Link NAS models, including DNS-320 and DNS-340L, with over 61,000 vulnerable devices discovered.
- Security Recommendations: D-Link advises users to either retire the affected devices or isolate them from public internet access to reduce exposure.
- Previous Vulnerabilities: A similar command injection flaw was discovered earlier this year, further complicating the security landscape for these devices.
Read more at: BleepingComputer