Security News > 2024 > April > Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks
Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage devices exposed online and unpatched against a critical remote code execution zero-day flaw.
Mirai variants are usually designed to add infected devices to a botnet that can be used in large-scale distributed denial-of-service attacks.
The spokesperson added that these NAS devices do not have automatic online updating or alert delivery capabilities, making it impossible to notify the owners of these ongoing attacks.
"If US consumers continue to use these devices against D-Link's recommendation, please make sure the device has the last known firmware," D-Link warned.
What D-Link didn't say is that NAS devices shouldn't be exposed online since they are commonly targeted in ransomware attacks to steal or encrypt data.
Over 92,000 exposed D-Link NAS devices have a backdoor account.
News URL
Related news
- Critical auth bypass bug in CrushFTP now exploited in attacks (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Active! Mail RCE flaw exploited in attacks on Japanese orgs (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- SAP fixes critical Netweaver flaw exploited in attacks (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks (source)