D-Link Warns of Code Execution Flaws in Discontinued Router Model

04-September-24

A total of four remote code execution (RCE) flaws were discovered in the router’s firmware, including two critical- and two high-severity bugs, all of which will remain unpatched, the company said. The critical security defects, tracked as CVE-2024-44341 and CVE-2024-44342 (CVSS score of 9.8), are described as OS command injection issues that could allow remote attackers to execute arbitrary code on vulnerable devices. According to D-Link, the third flaw, tracked as CVE-2024-41622, is a high-severity issue that can be exploited via a vulnerable parameter. The company lists the flaw with a CVSS score of 8.8, while NIST assigns it a CVSS score of 9.8, making it a critical-severity bug.
