The exploitation of unpatched D-Link NAS device vulnerabilities is on the rise, posing a significant threat to network security.
- Unauthenticated attackers can exploit hardcoded credentials and command injection vulnerabilities in D-Link NAS devices.
- D-Link has not released patches for the vulnerabilities due to end-of-life status of affected products.
- Attack attempts have increased, with over 150 unique IPs and Mirai-like botnets targeting vulnerable devices.
- Cybersecurity agencies like CISA have added the vulnerabilities to their Known Exploited Vulnerabilities catalog, urging government agencies to address them.
- Approximately 2,400 to 5,500 devices are currently impacted by the vulnerabilities.