Security News > 2024 > April > Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks

Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage devices exposed online and unpatched against a critical remote code execution zero-day flaw.
Mirai variants are usually designed to add infected devices to a botnet that can be used in large-scale distributed denial-of-service attacks.
The spokesperson added that these NAS devices do not have automatic online updating or alert delivery capabilities, making it impossible to notify the owners of these ongoing attacks.
"If US consumers continue to use these devices against D-Link's recommendation, please make sure the device has the last known firmware," D-Link warned.
What D-Link didn't say is that NAS devices shouldn't be exposed online since they are commonly targeted in ransomware attacks to steal or encrypt data.
Over 92,000 exposed D-Link NAS devices have a backdoor account.
News URL
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Critical GitHub Attack (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)