Vulnerabilities

Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure  

Exploitation attempts targeting CVE-2024-10914, a recently disclosed ‘won’t fix’ vulnerability affecting outdated D-Link NAS devices. 

D-Link vulnerabilities

A few days after D-Link informed customers that it will not patch a vulnerability found recently in some of its legacy network-attached storage (NAS) devices, the Shadowserver Foundation started seeing in-the-wild exploitation attempts aimed at the flaw.

The vulnerability, tracked as CVE-2024-10914, has been described as a command injection issue that allows an unauthenticated, remote attacker to inject arbitrary shell commands via specially crafted HTTP GET requests.

NetSecFish last week disclosed the details of the vulnerability and noted that there had been over 61,000 internet-exposed D-Link NAS devices. 

D-Link has identified 20 impacted DNS series NAS models and urged their owners to replace the devices as they have reached end of life (EOL) and they will not receive security patches for CVE-2024-10914. 

D-Link published an advisory on November 8 and the Shadowserver Foundation started seeing exploitation attempts targeting CVE-2024-10914 on November 12. 

The non-profit cybersecurity organization has seen roughly 1,100 internet-exposed devices that could be vulnerable to attacks, a majority located in Europe.  

Advertisement. Scroll to continue reading.

It’s not uncommon for threat actors to target D-Link NAS device vulnerabilities. Earlier this year, a different D-Link NAS product vulnerability disclosed by NetSecFish was exploited in attacks just days after its disclosure. 

D-Link router vulnerabilities have also been targeted by threat groups in recent years. 

Related: Critical Zimbra Vulnerability Exploited One Day After PoC Release

Related: D-Link Warns of Code Execution Flaws in Discontinued Router Model

Related: Recent Zyxel NAS Vulnerability Exploited by Botnet

Related Content

Ransomware

The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released.

Vulnerabilities

The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product.

Malware & Threats

The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling.

ICS/OT

CISA has added the remote code execution flaw CVE-2026-12569 to its Known Exploited Vulnerabilities catalog.

ICS/OT

The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.

Vulnerabilities

CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching.

Vulnerabilities

The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.

Network Security

Cisco noted that a PoC had been available for CVE-2026-20230 when it announced patches in early June.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version