D-Link refuses to patch a security flaw on over 60,000 NAS devices — the company instead recommends replacing legacy NAS with newer models


According to Netsecfish’s Notion site (h/t BleepingComputer), the vulnerability is in the account_mgr.cgi script, where they could add the malicious input in the name parameter to execute the exploit. This issue is tracked in the National Vulnerability Database (NVD) as CVE-2024-10914 and declared a critical flaw with a severity score 9.2.

Read More


thumb-image

Solutions