D-Link is telling users to stop using these routers immediately, or face hacking

LovabledanielsNovember 20, 2024109 Views

Security researchers find a critical remote code execution flaw in multiple D-Link router models
The models reached end of life status last spring, meaning the flaw won’t be patched
D-Link urges users to replace the devices with newer models immediately

A critical vulnerability, allowing for remote code execution (RCE) attacks, has been discovered on multiple D-Link VPN routers.

However, since the models have now reached end-of-life, D-Link will not be issuing a patch – and instead, it urged users to retire the affected devices and replace them with newer, supported models.

The flaw does not have a CVE designation just yet, but the company, as well as the researcher who found the flaw – alias ‘desploit’ – will not be releasing any details about it, to give affected customers enough time to react. In any case, once word gets out, cybercriminals will definitely start scanning for vulnerable routers, so if you’re using one of these models, make sure to replace them as soon as possible:

DSR-150
DSR-150N
DSR-250
DSR-250N

No workarounds

D-Link said that both hardware and firmware for these devices have expired, and workarounds are not recommended:

“The DSR-150 / DSR-150N / DSR-250 / DSR-250N all hardware versions and firmware versions have been EOL/EOS as of 05/01/2024. This exploit affects this legacy D-Link router and all hardware revisions, which have reached their End of Life […]. Products that have reached their EOL/EOS no longer receive device software updates and security patches and are no longer supported by D-Link US,” D-Link said in a recent security advisory.

“D-Link strongly recommends that this product be retired.”

Routers, being the gateways of all internet traffic on a local network, are usually the first thing criminals will try to compromise in their attacks. End-of-life devices with known critical vulnerabilities, especially RCE, are considered low hanging fruit.

Furthermore, the affected device versions are often used in homes and small businesses, according to a recent BleepingComputer report. That makes them an ideal target for malware deployment, distributed denial of service botnets, and possibly even ransomware attacks.

Via BleepingComputer

Weekly update

Children among several killed in Israel’s attacks on Gaza amid aid blockade | Israel-Palestine conflict News

A new Samsung Galaxy Z Fold 7 leak may have revealed the foldable phone’s dimensions and super-thin bezels

Physical buttons are finally making a comeback in cars, thanks to new safety guidelines – but I’m bracing myself for more irritating user experiences

Weekly Newsletter

D-Link is telling users to stop using these routers immediately, or face hacking

Leave a comment

Leave a Reply Cancel reply

Explore more

A new Samsung Galaxy Z Fold 7 leak may have revealed the foldable phone’s dimensions and super-thin bezels

Physical buttons are finally making a comeback in cars, thanks to new safety guidelines – but I’m bracing myself for more irritating user experiences

UK government to replace SMS logins with secure passkeys in major digital identity overhaul across GOV.UK services

Qatar leads Syria search for bodies of US hostages killed by ISIL: Report | Investigation News

I’d jump at the chance to swap my 24-inch LCD monitor for this 25-inch color E Ink alternative – if only I could afford it

Hackers found a sneaky new way to steal your login even when it’s encrypted – here’s how they’re pulling it off

AI is making phishing emails dangerously convincing with better spelling, grammar and formatting

AI-driven layoffs accelerate as companies push humans aside in favor of automation

Get to Know Us

Let's keep in touch