tldr - powered by Generative AI

• Unauthenticated attackers can exploit hardcoded credentials and command injection vulnerabilities in D-Link NAS devices.
• D-Link has not released patches for the vulnerabilities due to end-of-life status of affected products.
• Attack attempts have increased, with over 150 unique IPs and Mirai-like botnets targeting vulnerable devices.
• Cybersecurity agencies like CISA have added the vulnerabilities to their Known Exploited Vulnerabilities catalog, urging government agencies to address them.
• Approximately 2,400 to 5,500 devices are currently impacted by the vulnerabilities.