Hackers Targeting 92,000 Unpatched D-Link Devices; Users Advised to Replace Outdated Hardware
-
Hackers actively exploiting critical vulnerabilities in 92,000 end-of-life D-Link NAS devices. Allow remote takeover.
-
D-Link won't patch vulnerabilities since devices are end-of-life. Advises users to replace hardware.
-
Attackers seen attempting to download malware onto vulnerable devices. Exploits initiated Sunday UTC.
-
Vulnerabilities allow arbitrary command execution via HTTP requests. CVE-2024-3272 and CVE-2024-3273.
-
Best defense is to replace outdated hardware or ensure firmware is fully updated. Disable UPnP and remote connections if possible.