The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
https://www.netscout.com/blog/asert/botnet-pulse
https://hackread.com/ficora-capsaicin-botnet-d-link-router-flaws-ddos-attacks/
https://thehackernews.com/2024/12/ficora-and-kaiten-botnets-exploit-old-d.html
https://blog.xlab.qianxin.com/catddos-derivative-en/
https://www.fortinet.com/blog/threat-research/new-goldoon-botnet-targeting-d-link-devices