Hackers Exploit Unpatched Vulnerabilities in D-Link NAS Devices
ICARO Media Group
Hackers have taken advantage of recently discovered vulnerabilities in network-attached storage (NAS) devices manufactured by D-Link, according to researchers. The vulnerabilities, which were revealed two weeks ago, have allowed hackers to remotely commandeer vulnerable devices, potentially putting approximately 92,000 devices at risk.
The researchers found that the vulnerabilities could be exploited by sending malicious commands through simple HTTP traffic. The security flaws have been flagged as severe, with one vulnerability carrying a severity rating of 9.8 out of 10. The first vulnerability involves a backdoor account enabled by hardcoded credentials, while the second vulnerability is a command-injection flaw that can be remotely activated with a simple HTTP GET request.
The researchers have made the information public after discovering that D-Link has no plans to release patches for the vulnerabilities. The affected devices are considered end-of-life, meaning they are no longer supported by the manufacturer. The lack of support leaves these devices vulnerable to exploitation.
In recent days, the researchers have detected active attempts to exploit the vulnerabilities. GreyNoise, an organization monitoring the exploitation, reported that the activity began around 02:17 UTC on Sunday. The attacks aimed to download and install various pieces of malware on the vulnerable devices, depending on their specific hardware profile. One such malware sample has been detected by 40 endpoint protection services.
Shadowserver, a security organization, has also observed scanning and exploits from multiple IP addresses but has not provided further details. The vulnerabilities originate from the nas_sharing.cgi programming interface of the affected devices, making it an ideal target for remote takeover.
Netsecfish, the researcher who disclosed the vulnerabilities, demonstrated how hackers could remotely commandeer these devices by sending specific HTTP requests. The exploits took advantage of hardcoded credentials and allowed the execution of arbitrary commands on the system. As a result, unauthorized access to sensitive information, modification of system configurations, or denial of service conditions could occur.
D-Link issued an advisory last week acknowledging the vulnerabilities. The affected devices include those that are no longer supported by the manufacturer. It is crucial for users of D-Link NAS devices to take immediate action to protect themselves against potential attacks.
It is recommended that affected users either upgrade to supported devices or implement additional security measures, such as segmenting the devices from the rest of the network and using a firewall to restrict access. Stay vigilant and ensure that all devices have the latest firmware updates installed to mitigate the risk of exploitation.
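To check whether the segmentation and firewall restrictions above are holding, the following added example (not code from the researchers or D-Link) scans web or proxy access logs for any request to nas_sharing.cgi that arrives from outside an allowed management subnet. The log format (Common/Combined Log Format), the 10.20.0.0/24 subnet and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

ENDPOINT = "nas_sharing.cgi"  # the interface named in the article
# Assumption: the only subnet permitted to reach the NAS web interface.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Common/Combined Log Format prefix: source, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def is_allowed(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source field: treat as untrusted
    return any(addr in net for net in ALLOWED_NETS)

def find_hits(lines):
    """Map each non-allowed source to its requests for the endpoint,
    as (timestamp, method, status) tuples."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Compare only the final path segment: decoded, case-folded, no query.
        path = unquote(urlsplit(m["target"]).path)
        if path.rsplit("/", 1)[-1].lower() != ENDPOINT:
            continue
        if not is_allowed(m["src"]):
            hits[m["src"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation address ranges, made-up queries).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:02:17:05 +0000] "GET /cgi-bin/nas_sharing.cgi?x=1 HTTP/1.1" 200 512',
    '10.20.0.15 - - [01/Jan/2024:02:18:10 +0000] "GET /cgi-bin/nas_sharing.cgi?x=1 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:02:19:44 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.7 - - [01/Jan/2024:02:20:01 +0000] "GET /cgi-bin/NAS_SHARING.CGI?x=2 HTTP/1.1" 404 0',
    '198.51.100.23 - - [01/Jan/2024:02:21:30 +0000] "POST /cgi-bin/nas_sharing.cgi HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for src, reqs in find_hits(SAMPLE).items():
        print(src, len(reqs), reqs)
```

Any hit with a 2xx status means the request reached the device and the access restriction is not effective for that source.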
The exploitation of these vulnerabilities highlights the ongoing importance of cybersecurity and the need for prompt action from both manufacturers and users to address vulnerabilities and keep networked devices safe.