D-Link has announced its decision to withhold security updates for a critical vulnerability affecting over 60,000 DSL6740C routers currently connected to the internet. This announcement follows the company’s recent refusal to patch the CVE-2024-10914 vulnerability in their legacy Network Attached Storage (NAS) devices, raising significant concerns within the cybersecurity community.
Critical Security Vulnerability Details and Impact Assessment
Independent security researcher Chiao-Lin Yu has identified several critical security flaws in D-Link DSL6740C routers, with the most severe vulnerability enabling unauthenticated remote attackers to modify user passwords and gain complete control over affected devices. According to FOFA search engine data, approximately 60,000 vulnerable devices remain actively connected to the internet, with a significant concentration in Taiwan.
Manufacturer’s Response and Security Implications
D-Link has acknowledged the vulnerabilities in their official security bulletin but declared they would not issue patches, citing the termination of support for these devices in early 2024. The manufacturer’s sole recommendation is for users to replace vulnerable routers with newer models, leaving thousands of customers exposed to potential cyber threats.
Active Exploitation and Emerging Threats
The situation has become particularly urgent as threat actors have begun actively exploiting the CVE-2024-10914 vulnerability in D-Link NAS devices. Shadowserver Foundation reports that attacks targeting vulnerable systems commenced on November 12, 2024. Security experts strongly advise owners of affected devices to immediately disconnect them from the internet to prevent compromise.
Recommended Security Measures
For users operating vulnerable D-Link DSL6740C routers, cybersecurity experts recommend implementing the following protective measures:
– Immediate isolation of affected devices from internet access
– Migration to current-generation routers with active security support
– Regular monitoring of network traffic for suspicious activities
– Implementation of additional network security layers
This security incident highlights the critical importance of selecting networking equipment from manufacturers committed to long-term security support. Organizations and individuals using affected D-Link devices should prioritize upgrading to modern, actively supported alternatives to maintain robust network security posture. The incident serves as a reminder that cybersecurity requires ongoing vigilance and proactive hardware lifecycle management to effectively mitigate evolving threats.
