In April, an OS command injection vulnerability in various D-Link NAS devices was made public [1]. The vulnerability, %%CVE:2024-3273%% was exploited soon after it became public. Many of the affected devices are no longer supported.
Article Link: New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273) - SANS Internet Storm Center