Hackers have started targeting the critical flaw CVE-2024-10914 in end-of-life (EOL) D-Link NAS devices.The vulnerability is a command injection issue that affects certain D-Link NAS devices.The flaw allows remote OS command injection via the cgi_user_add function.Exploitation attempts have been observed since November 12th.