D-Link is advising owners of expired NAS devices to replace them with newer ones due to security vulnerabilities that are being actively exploited. The devices, which reached their end-of-service date years ago, have a backdoor enabled by hardcoded credentials , allowing attackers to remotely execute code on the device. User data is believed to be at risk. The vulnerabilities were first published by a researcher on March 26, who recommended applying vendor patches that would never arrive.

Over 92,000 vulnerable devices were found facing the internet, with the majority in the UK

D-Link NAS Devices Security Vulnerabilities Backdoor Hardcoded Credentials Remote Code Execution User Data

