Critical Vulnerability in EOL D-Link NAS Devices Exploited in Attacks

by Justin Erickson

A critical command injection vulnerability in older D-Link NAS devices, tracked as CVE-2024-10914, is being actively exploited in attacks. The flaw affects over 60,000 devices globally, allowing remote attackers to execute arbitrary commands with elevated privileges. These devices have reached end-of-life (EOL) status, and D-Link has confirmed they will not issue a patch. Instead, the company recommends users replace legacy NAS models with newer, supported hardware to mitigate risks. The vulnerability highlights the security challenges associated with aging IoT devices. Cybersecurity experts urge users of affected devices to disconnect them from the internet and transition to more secure solutions as soon as possible.