What's new

News [Ars] Critical takeover vulnerabilities in EOL'd D-Link NASes are being exploited

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

Dan Goodin

Guest
"Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday.

Roughly 92,000 devices are vulnerable to the remote takeover exploits, which can be remotely transmitted by sending malicious commands through simple HTTP traffic. The vulnerability came to light two weeks ago. The researcher said they were making the threat public because D-Link said it had no plans to patch the vulnerabilities, which are present only in end-of-life devices, meaning they are no longer supported by the manufacturer."

Continue reading on Ars Technica
 
Last edited by a moderator:
"Vulnerabilities" is a polite way of saying that, once again, D-Link has shipped products with deliberate backdoors implemented, with hardcoded credentials. Same thing happened a few years ago with some of their routers.

Software bugs are one thing. Backdoors and hardcoded credentials are another.
 
D-Link; when you don't care about network security in the least.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top