CVE-2024-10914

CVE-2024-10914: vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. https://t.co/Cg8hB1jof3 https://t.co/9JI6vNy8Qt

🔴 Alerta para empresas: D-Link no solucionará una falla crítica en modelos NAS antiguos. Más de 60.000 dispositivos NAS de D-Link están en riesgo debido a una vulnerabilidad crítica (CVE-2024-10914) con una gravedad de 9,2/10. https://t.co/w6ngjGDzVQ

CVE-2024-10914 : D-Link Network Attached Storage 'name' DNS-3$versions - Unauthenticated OS Command Injection (RCE) POC : https://t.co/mk8YfiSCWP https://t.co/zvCBmqDd5I

В окремих девайсах D-Link знайшли критичну вразливість на 9.8 балів (RCE) CVE-2024-10914. Але патча від компанії не буде, тому що життєвий цикл девайсів закінчився два місяці тому. Єдиний вихід - купити нові девайси

⚠️ Exploiting CVE-2024-10914 - Command Injection Flaw in D-Link NAS Devices (CVSS 9.2). 📢 Important: Apply network restrictions and monitor for suspicious activity. 🔍 FOFA Query: app="D_Link-DNS-ShareCenter" https://t.co/c1L49tuYkE

🚨 CVE-2024-10914: Command Injection in D-Link NAS Devices (PoC) https://t.co/sjvAnagEJR via @YouTube

⚠️ Exploiting CVE-2024-10914 - Command Injection Flaw in D-Link NAS Devices (CVSS 9.2). 📢 Important: Apply network restrictions and monitor for suspicious activity. 🔗 Watch the PoC: https://t.co/ELzptHsxtH 🔍 FOFA Query: app="D_Link-DNS-ShareCenter" #CyberSecurity #CVE2024 ht

Actively exploited CVE : CVE-2024-10914

Actively exploited CVE : CVE-2024-10914

D-Link NAS にコマンド・インジェクションの脆弱性 CVE-2024-10914：61,000台以上のシステムに影響 https://t.co/xK3W8rtBwh #DLink #NAS #Storage #Vulnerability

🎙️ RadioCSIRT #97 : Vos news quotidiennes Cybersécurité – Lundi 18 novembre 2024 📷 Les hackers ciblent les acheteurs du Black Friday 📷 Phishing via des fichiers SVG 📷 Exploitation CVE-2024-10914 lien : https://t.co/mZ3ok2Argm https://t.co/sxCH6SuCSZ

Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices https://t.co/E8p96yfmEr The exploitation of the recently disclosed ‘won’t fix’ issue CVE-2024-10914 in legacy D-Link NAS devices began days after its disclosure.   Days after D-Link announced it wouldn’t p…

You're using outdated D-Link NAS? Then you're a target. CVE-2024-10914 lets attackers run shell commands on your exposed device. D-Link won’t fix it, they already called it dead tech. Retire it or upgrade. Shadowserver saw exploitation begin Nov 12. You're either ready, or done.

D-Link製NASデバイスの重大な欠陥が悪用される パッチリリース予定なし：CVE-2024-10914 https://t.co/zZRDAdAN9R #izumino_trend

Gravi vulnerabilità nei NAS e modem D-Link per assenza di patch su dispositivi EOL Sicurezza Informatica, attacchi informatici, CVE-2024-10914, CVE-2024-11068, cybersecurity, D-Link, dispositivi, DSL6740C, EOL, modem, NAS, vulnerabilità https://t.co/5XJ5iRrdr1 https://t.co/c9UZ72

【おわり】D-Link社旧式NASの重大(Critical)な脆弱性CVE-2024-10914が悪用され出した。未認証での細工されたGETリクエストによるコマンドインジェクション。Shadowserver報告では11/12から悪用の試行を観測。D−Link社公式によると自動更新や通知機能は無いため打つ手なし。 https://t.co/uFELfHxpX0

Actively exploited CVE : CVE-2024-10914

به تازگی برای D-Link network-attached storage (NAS) آسیب پذیری با کد شناسایی CVE-2024-10914 منتشر شده است. نمره این آسیب پذیری 9.2 بوده و اکسپلویت آن نیز به صورت عمومی در دسترس می باشد. این آسیب پذیری باعث اجرای command یا همان command execution می شود. https://t.co/Y2P1U3epiq

Aumento explotación de inyección de comandos en D-Link NAS CVE-2024-10914 ↪️/cgi-bin/account_mgr.cgi https://t.co/2roCyKzZhS https://t.co/Zb67TMM3Qe

We have observed D-Link NAS CVE-2024-10914 /cgi-bin/account_mgr.cgi command injection exploitation attempts starting Nov 12th. This vuln affects EOL/EOS devices, which should be removed from the Internet: https://t.co/o2BsBwkIlI We see ~1100 exposed. https://t.co/0ZhIHSXqVZ ht

Attenzione: Oltre 60.000 dispositivi NAS D-Link colpiti da una pericolosa vulnerabilità (CVE-2024-10914, punteggio CVSS 9.2)! I modelli DNS-320, DNS-320LW, DNS-325 e DNS-340L sono esposti a iniezioni di comandi tramite una lacuna nella sicurezza. D-Link non rilascerà patch… https

友讯（D-Link）确认不会修复高危漏洞CVE-2024-10914，影响逾6万台旧型号NAS设备。公司已停止支持这些设备，建议用户退役或脱离公网。你认为厂商应对旧设备的安全漏洞负责吗？ https://t.co/yn28JPDAh2 https://t.co/fHD5JSNLzQ

Cost savings are not always good, in fact injurious to cyber security, when preferred over retiring old IT assets D-Link announced 20NAS Models End-of-Life End-of-Service CVE-2024-10914 Command Injection Vulnerability #CyberSec #hacking #vapt #dlink https://t.co/ymU72B142p

DIGITAL GRAVEYARD ALERT: 60k+ D-Link NAS devices dance with doom! Critical flaw (CVE-2024-10914) lets ANYONE inject shell commands. No fix coming - it's abandon ship or sail the dangerous seas! 🏴‍☠️ #cybersecurity #infosec https://t.co/zUNZZUazUo

D-Link won’t fix critical flaw affecting 60,000 older NAS devices: https://t.co/27a1x7I0oz More than 60,000 D-Link NAS devices are vulnerable to a critical command injection flaw (CVE-2024-10914) with a severity score of 9.2. The vulnerability allows unauthenticated attackers to

D-Link won’t fix critical flaw affecting 60,000 older end-of-life NAS devices. The flaw, tracked as CVE-2024-10914, has a critical 9.2 severity score with a publicly available exploit. https://t.co/9G7mlnPjxH https://t.co/Fs0OU3pAJb

D-Link社のNAS6万台以上に影響する重大(Critical)な脆弱は修正されない。公式発表。保守期限切れ(EoL)のため。CVE-2024-10914はCVSSスコア9.2で、細工されたHTTP GETによるコマンドインジェクション。FOFA読みでは92,589台が露出。 https://t.co/znEoSpBGet

csirt_it: ‼ #DLink: disponibile un #PoC per lo sfruttamento della CVE-2024-10914 che interessa alcuni modelli di #NAS Rischio: 🔴 Tipologia: 🔸 Arbitrary Code Execution 🔗 https://t.co/0x7MsTY3O5 ⚠ Importante mantenere aggiornati i sistemi https://t.co/963N3xK2Hk

#exploit 1. CVE-2024-49681: WP Sessions Time Monitoring Full Automatic <=1.0.9 - Unauthenticated SQLI https://t.co/TqXahOZAcq 2. CVE-2024-10914: D-Link NAS Command Injection https://t.co/p3RvTxYpCf 3. CVE-2024-50483: WP Meetup 0.1 Authentication Bypass https://t.co/95eOMb0bx

CVE-2024-10914 : D-Link won’t fix critical flaw affecting 60,000 older NAS devices GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;<INJECTED_SHELL_COMMAND>;%27 https://t.co/3wqK4ZKryc

#exploit 1. CVE-2024-49681: WP Sessions Time Monitoring Full Automatic <=1.0.9 - Unauthenticated SQLI https://t.co/NEXFvOrbMh 2. CVE-2024-10914: D-Link NAS Command Injection https://t.co/ZTSIUmY2Xy 3. CVE-2024-50483: WP Meetup 0.1 Authentication Bypass https://t.co/IIdHn4fAd

CVE-2024-10914 is rated at a CVSS score of 9.2. It affects the following @Dlink-branded NAS devices that are commonly used by small businesses: •DNS-320 Version 1.00 •DNS-320LW Version 1.01.0914.2012 •DNS-325 Version 1.01,  Version 1.02 •DNS-340L Version 1.08 As of this… https:

🚨 CVE-2024-10914 (Published: 2024-11-06) affects D-Link products. Vulnerable versions are at risk of exploitation. To safeguard your systems, ensure you update to the latest firmware and apply all security patches. Stay secure! 🔒 More info: https://t.co/XiniVtuLec… https://t.co

🚨 CVE-2024-10914 (Published: 2024-11-06) affects D-Link devices. Exploited versions include several models vulnerable to unauthorized access. 🔒 Remediation: Update to the latest firmware available on the D-Link support page. Stay secure! More info: https://t.co/XiniVtuLec… http

🚨 CVE-2024-10914 (Published: 2024-11-06) affects D-Link products. Vulnerable versions are at risk of exploitation. To protect your systems, ensure you update to the latest firmware and apply all recommended security patches. Stay secure! 🔒 More info: https://t.co/XiniVtuLec… ht

🚨 CVE-2024-10914 (Published: 2024-11-06) affects D-Link products. Vulnerable versions include several models that could be exploited. To safeguard your systems, ensure you update to the latest firmware and follow D-Link's remediation guidelines. Stay secure! 🔒 More info:… https

🚨 CVE-2024-10914 (Published: 2024-11-06) - A critical command injection vulnerability affects D-Link NAS devices. Exploited versions include specific models. Remediation: Update to the latest firmware immediately to secure your device. More info: https://t.co/hcJJh0m2bt… https:/

🚨 CVE-2024-10914 (Published: 2024-11-06) - A critical command injection vulnerability has been discovered in D-Link NAS devices. Affects specific versions. Remediation is crucial! For detailed info and mitigation steps, check out: https://t.co/hcJJh0m2bt #CyberSecurity #DLink

🚨 CVE-2024-10914 (Published: 2024-11-06) - A critical command injection vulnerability affects D-Link NAS devices. Exploited versions include specific models vulnerable through the 'name' parameter. Remediation is essential! Check the details here: https://t.co/hcJJh0m2bt… https:

🚨 CVE-2024-10914 (Published: 2024-11-06) - A critical command injection vulnerability affects D-Link NAS devices. Ensure your systems are updated to the latest firmware to mitigate risks. For detailed remediation steps, check out the full report: https://t.co/hcJJh0m2bt… https:/

🚨 CVE-2024-10914 (Published: 2024-11-06) - A critical command injection vulnerability affects D-Link NAS devices. Ensure your systems are updated to the latest firmware to mitigate risks. For detailed remediation steps, check out the full report: https://t.co/hcJJh0m2bt… https:/

D-Link no reparará un fallo crítico que afecta a 60.000 dispositivos NAS antiguos ℹ️ CVE-2024-10914 ➡️ curl "http://[Target-IP]/cgi-bin/account_mgr.cgi cmd=cgi_user_add&name=%27;<INJECTED_SHELL_COMMAND>;%27" https://t.co/elm9iVCvgI https://t.co/MuBWYT4uKc

cve-2024-10914 GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;<INJECTED_SHELL_COMMAND>;%27 FOFA：app =D_Link-DNS-ShareCenter #exploit #poc #IoT https://t.co/7Hbk6csKS4

D-Link NAS Devices affected by a Critical flaw CVE-2024-10914 #DLink #NasDevice #CVE-2024-10914 https://t.co/qmU592KvY7

🚨 CVE-2024-10914 (CVSS 9.2): Command Injection Flaw Threatens 61,000+ D-Link NAS Devices A critical command injection flaw (CVSS 9.2) threatens 61,000+ D-Link NAS devices. If you're using DNS-320, DNS-320LW, DNS-325, or DNS-340L, read on. Sensitive data could be at risk! The…

⚠️⚠️ CVE-2024-10914 (CVSS 9.2): Command Injection Flaw in D-Link NAS Devices 🎯61k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/BXt3b0Hlx2 FOFA Query:app="D_Link-DNS-ShareCenter" 🔖Refer: https://t.co/eQOUCUrHEx https://t.co/HFPHbmxT

D-Link社NASに重大(Critical)な脆弱性。CVE-2024-10914はCVSSv4スコア9.2のコマンドインジェクション脆弱性。CGIスクリプトにおける無害化処理の不備により、未認証の攻撃者が細工されたGETリクエストにより任意コマンドを実行可能。 https://t.co/CVEDZWUw1l

CVE-2024-10914 Critical Remote OS Command Injection in D-Link DNS Devices A critical vulnerability exists in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L up to version 20241028. The issue affects the cgi_user... https://t.co/zsdZmyvaUc

[CVE-2024-10914: CRITICAL] Critical vulnerability found in D-Link DNS devices up to 20241028 allows remote OS command injection via manipulation of cgi_user_add function. Public exploit disclosed.#cybersecurity,#vulnerability https://t.co/sFKh1ejBp3 https://t.co/qSSuKU9Vz4