Several older D-Link routers have been found to be susceptible to Remote Code Execution (RCE) attacks. The company has stated that these devices will not receive any updates, claiming they have reached their end-of-life as noted on their announcement page.
This vulnerability poses a significant threat, enabling cybercriminals to take control of affected devices from anywhere across the globe through a stack buffer overflow exploit. By feeding excess data to the buffer, an attacker can corrupt essential data, such as the return address, ultimately leading to unauthorized access to your system. Notably, D-Link has not elaborated on the specific mechanics of this vulnerability, likely to prevent informing potential attackers.
With no available patches, users are left vulnerable to various threats, including malware installations, data breaches, and denial-of-service attacks. The at-risk router models include:
- DSR-150
- DSR-150N
- DSR-250
- DSR-250N
- DSR-500N
- DSR-1000N
D-Link has advised users affected by this issue to replace their routers. If you’re in the market for a new device, it might be wise to consider some of the top router options available. However, it’s unfortunate that four of the routers listed have been discontinued this year. D-Link has clarified, “Once a product reaches End of Support (EOS) or End of Life (EOL), it typically does not receive any further updates or support.”
While D-Link has provided a 20% discount on new routers as a gesture of goodwill, reports indicate that many older models are compatible with third-party firmware, which isn’t a viable solution since it may void the warranty.
Ultimately, when devices reach obsolescence, it is not unusual for companies to shift their focus away from them and concentrate on launching new models.