{"id":55800,"date":"2024-04-09T14:33:10","date_gmt":"2024-04-09T14:33:10","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35760\/Critical-Takeover-Vulns-In-92-000-D-Link-Devices-Under-Active-Exploitation.html"},"modified":"2024-04-09T14:33:10","modified_gmt":"2024-04-09T14:33:10","slug":"critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/","title":{"rendered":"Critical Takeover Vulns In 92,000 D-Link Devices Under Active Exploitation"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/exploit-800x534.jpg\" alt=\"Photograph depicts a security scanner extracting virus from a string of binary code. Hand with the word &quot;exploit&quot;\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/security\/2024\/04\/hackers-actively-exploit-critical-remote-takeover-vulnerabilities-in-d-link-devices\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">79<\/span> <\/a> <\/aside>\n<p> <!-- cache hit 601:single\/related:62bfb4fc61dc389bffac378449deb6a3 --><!-- empty --><\/p>\n<p>Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday.<\/p>\n<p>Roughly 92,000 devices are vulnerable to the remote takeover exploits, which can be remotely transmitted by sending malicious commands through simple HTTP traffic. The vulnerability <a href=\"https:\/\/github.com\/netsecfish\/dlink\">came to light<\/a> two weeks ago. The researcher said they were making the threat public because D-Link said it had no plans to patch the vulnerabilities, which are present only in end-of-life devices, meaning they are no longer supported by the manufacturer.<\/p>\n<h2>An ideal recipe<\/h2>\n<p>On Monday, researchers said their sensors began detecting active attempts to <a href=\"https:\/\/infosec.exchange\/@greynoise\/112236315274772968\">exploit the vulnerabilities<\/a> starting over the weekend. Greynoise, one of the organizations reporting the in-the-wild exploitation, said in an email that the activity began around 02:17 UTC on Sunday. The attacks attempted to download and install one of several pieces of malware on vulnerable devices depending on their specific hardware profile. One such piece of malware is <a href=\"https:\/\/www.virustotal.com\/gui\/file\/1b1f226a2de6581606a6aa9249c9d89b9c771a14e02022371405396c278da62d\">flagged<\/a> under various names by 40 endpoint protection services.<\/p>\n<p>Security organization Shadowserver has also <a href=\"https:\/\/twitter.com\/Shadowserver\/status\/1777303654242062428\">reported<\/a> seeing scanning or exploits from multiple IP addresses but didn\u2019t provide additional details.<\/p>\n<p>The vulnerability pair, found in the nas_sharing.cgi programming interface of the vulnerable devices, provide an ideal recipe for remote takeover. The first, tracked as CVE-2024-3272 and carrying a severity rating of 9.8 out of 10, is a backdoor account enabled by credentials hardcoded into the firmware. The second is a command-injection flaw tracked as CVE-2024-3273 and has a severity rating of 7.3. It can be remotely activated with a simple <a href=\"https:\/\/www.w3schools.com\/tags\/ref_httpmethods.asp\">HTTP GET<\/a> request.<\/p>\n<p>Netsecfish, the researcher who disclosed the vulnerabilities, demonstrated how a hacker could remotely commandeer vulnerable devices by sending a simple set of HTTP requests to them. The code looks like this:<\/p>\n<pre class=\"language-bash\"><code>GET \/cgi-bin\/nas_sharing.cgiuser=messagebus&amp;passwd=&amp;cmd=15&amp;system=&lt;BASE64_ENCODED_COMMAND_TO_BE_EXECUTED&gt;<\/code><\/pre>\n<p>In the exploit example below, the text inside the first red rectangle contains the hardcoded credentials\u2014username messagebus and an empty password field\u2014while the next rectangle contains a malicious command string that has been base64 encoded.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/d-link-exploit.jpg\" class=\"enlarge\" data-height=\"471\" data-width=\"1193\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/d-link-exploit-640x253.jpg\" width=\"640\" height=\"253\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/d-link-exploit.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-credit\">netsecfish<\/div>\n<\/figcaption><\/figure>\n<p>\u201cSuccessful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the system, potentially leading to unauthorized access to sensitive information, modification of system configurations, or denial of service conditions,\u201d netsecfish wrote.<\/p>\n<p>Last week, D-Link published an <a href=\"https:\/\/supportannouncement.us.dlink.com\/security\/publication.aspx?name=SAP10383\">advisory<\/a>. D-Link confirmed the list of affected devices:<\/p>\n<table border=\"1\" width=\"980\" cellspacing=\"1\" cellpadding=\"1\">\n<tbody>\n<tr>\n<td><span><span><strong>Model<\/strong><\/span><\/span><\/td>\n<td><span><span><strong>Region<\/strong><\/span><\/span><\/td>\n<td><span><span><strong>Hardware Revision<\/strong><\/span><\/span><\/td>\n<td><span><span><strong>End of Service Life<br \/><\/strong><\/span><\/span><\/td>\n<td><span><span><strong>Fixed Firmware<\/strong><\/span><\/span><\/td>\n<td><span><span><strong>Conclusion<\/strong><\/span><\/span><\/td>\n<td><span><span><strong>Last Updated<\/strong><\/span><\/span><\/td>\n<\/tr>\n<tr>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\">DNS-320L<\/span><\/td>\n<td><span><span>All Regions<\/span><\/span><\/td>\n<td><span><span>All H\/W Revisions<\/span><\/span><\/td>\n<td>05\/31\/2020 : <a href=\"https:\/\/legacy.us.dlink.com\/pages\/product.aspx?id=5182449a065f43329cc66a09d43b1c79\">Link<\/a><\/td>\n<td>&nbsp;<span>Not Available<\/span><\/td>\n<td><span><span>Retire &amp; Replace Device<br \/><\/span><\/span><\/td>\n<td>04\/01\/2024<\/td>\n<\/tr>\n<tr>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\">DNS-325<\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\"><span><span>All Regions<\/span><\/span><\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\"><span><span>All H\/W Revisions<\/span><\/span><\/span><\/td>\n<td>09\/01\/2017 : <a href=\"https:\/\/legacy.us.dlink.com\/pages\/product.aspx?id=33414e5df798424eb1c5b5e23a88f98c\">Link<\/a><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\"><span>Not Available<\/span><\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\"><span><span>Retire &amp; Replace Device<\/span><\/span><\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\">04\/01\/2024<\/span><\/td>\n<\/tr>\n<tr>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\">DNS-327L<\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\"><span><span>All Regions<\/span><\/span><\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\"><span><span>All H\/W Revisions<\/span><\/span><\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\">05\/31\/2020 : <a href=\"https:\/\/legacy.us.dlink.com\/pages\/product.aspx?id=cc564abbd17c44d184b718dc8eb43784\">Link<br \/><\/a><\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\"><span>Not Available<\/span><\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\"><span><span>Retire &amp; Replace Device<\/span><\/span><\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\">04\/01\/2024<\/span><\/td>\n<\/tr>\n<tr>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\">DNS-340L<\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\"><span><span>All Regions<\/span><\/span><\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\"><span><span>All H\/W Revisions<\/span><\/span><\/span><\/td>\n<td>07\/31\/2019 : <a href=\"https:\/\/legacy.us.dlink.com\/pages\/product.aspx?id=f826f93dfa974aaba4a777badc9dcd81\">Link<\/a><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\"><span>Not Available<\/span><\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\"><span><span>Retire &amp; Replace Device<\/span><\/span><\/span><\/td>\n<td><span id=\"ctl00_cphContent_DetailViewSupportArticleVersion_rptDetailViewSections_ctl01_rptDetailViewFields_ctl04_lblField\">04\/01\/2024<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>According to netsecfish, Internet scans found roughly 92,000 devices that were vulnerable.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/fofa-result.png\" class=\"enlarge\" data-height=\"2354\" data-width=\"3762\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/fofa-result-640x400.png\" width=\"640\" height=\"400\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/fofa-result-1280x801.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-credit\">netsecfish<\/div>\n<\/figcaption><\/figure>\n<p>According to the Greynoise email, exploits company researchers are seeing look like this:<\/p>\n<pre class=\"language-bash\"><code>GET \/cgi-bin\/nas_sharing.cgi?dbg=1&amp;cmd=15&amp;user=messagebus&amp;passwd=&amp;cmd=Y2QgL3RtcDsgcLnNo HTTP\/1.1<\/code><\/pre>\n<p>Other malware invoked in the exploit attempts include:<\/p>\n<p>The best defense against these attacks and others like them is to replace hardware once it reaches end of life. Barring that, users of EoL devices should at least ensure they\u2019re running the most recent firmware. D-Link provides this dedicated support page for legacy devices for owners to locate the latest available firmware. Another effective protection is to disable UPnP and connections from remote Internet addresses unless they\u2019re absolutely necessary and configured correctly.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35760\/Critical-Takeover-Vulns-In-92-000-D-Link-Devices-Under-Active-Exploitation.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":55801,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[968],"class_list":["post-55800","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineflaw"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Critical Takeover Vulns In 92,000 D-Link Devices Under Active Exploitation 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical Takeover Vulns In 92,000 D-Link Devices Under Active Exploitation 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-09T14:33:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/exploit-800x534.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Critical Takeover Vulns In 92,000 D-Link Devices Under Active Exploitation\",\"datePublished\":\"2024-04-09T14:33:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\\\/\"},\"wordCount\":575,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation.jpg\",\"keywords\":[\"headline,flaw\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\\\/\",\"name\":\"Critical Takeover Vulns In 92,000 D-Link Devices Under Active Exploitation 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation.jpg\",\"datePublished\":\"2024-04-09T14:33:10+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation.jpg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,flaw\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineflaw\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Critical Takeover Vulns In 92,000 D-Link Devices Under Active Exploitation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical Takeover Vulns In 92,000 D-Link Devices Under Active Exploitation 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/","og_locale":"en_US","og_type":"article","og_title":"Critical Takeover Vulns In 92,000 D-Link Devices Under Active Exploitation 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-04-09T14:33:10+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/exploit-800x534.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Critical Takeover Vulns In 92,000 D-Link Devices Under Active Exploitation","datePublished":"2024-04-09T14:33:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/"},"wordCount":575,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/04\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation.jpg","keywords":["headline,flaw"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/","url":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/","name":"Critical Takeover Vulns In 92,000 D-Link Devices Under Active Exploitation 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/04\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation.jpg","datePublished":"2024-04-09T14:33:10+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/04\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/04\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation.jpg","width":800,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/critical-takeover-vulns-in-92000-d-link-devices-under-active-exploitation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,flaw","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineflaw\/"},{"@type":"ListItem","position":3,"name":"Critical Takeover Vulns In 92,000 D-Link Devices Under Active Exploitation"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55800"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55800\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/55801"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55800"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}