D-Link won’t fix critical flaw affecting 60,000 older NAS devices
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. [...]
Stay updated on D-Link's latest information security news, insights, and updates with in-depth analysis and expert opinions.
Search across headline titles and summaries.
Background for this topic.
D-Link makes networking and connected devices such as home and small-business routers, access points, switches, cameras, and network-attached storage. These products matter in information security because they sit at network boundaries or hold sensitive traffic, video, and files. Security advisories usually apply to a particular model, hardware revision, and firmware version—not to every D-Link device.
Commonly relevant weaknesses include flaws in web administration, authentication bypass, command injection, and exposed management services. An internet-facing or end-of-life device may remain exploitable when updates are unavailable or unapplied, while cameras and storage systems can expose private content if access controls fail. Defenders should inventory exact models and firmware, apply applicable updates, replace unsupported equipment, restrict administration to trusted networks, disable unnecessary remote management and UPnP, and change default credentials. Logs and network telemetry can help identify suspicious administration or unexpected outbound connections from affected devices.
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. [...]