A handful of legacy D-Link routers are susceptible to RCE (Remote Code Execution) threats as the company refuses to offer patches, stating that the devices have reached EOL (End Of Life) and suggests users trash them instead. This report follows a previous incident where D-Link failed to patch over 60,000 NAS devices and recommended users purchase newer models.
Going over the advisory, D-Link says attackers can execute code remotely (RCE) on these routers owing to a stack buffer overflow vulnerability. D-Link didn’t share the exact specifics of this threat, possibly to ward off potential hackers. Even so, this unleashes a pandora’s box of possible threats, including, but not limited to, data theft, malware and spyware installation, and DoS attacks.
In other words, if you own the following routers: DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, or DSR-1000N; your data and privacy are at serious risk. A quick look over the report shows that four out of six of these routers were discontinued just this year. And — to no one’s surprise — D-Link explicitly says, “If a product has reached End of Support (“EOS”) / End of Life (“EOL”), there is normally no further extended support or development for it.”
Here’s a list of the specific models in question:
| Model | End Of Life Date |
|---|---|
| DSR-150 | May 1, 2024 |
| DSR-150N | May 1, 2024 |
| DSR-250 | May 1, 2024 |
| DSR-250N | May 1, 2024 |
| DSR-500N | September 30, 2015 |
| DSR-1000N | October 30, 2015 |
“D-Link US is prohibited to provide support for these EOL/EOS products. D-Link strongly recommends that this product be retired and cautions that any further use of this product may be a risk to devices connected to it.”
D-Link
Users in the U.S. can snag a newer model at discounted rates — D-Link offers a 20% discount for those impacted by the flaw — but that doesn’t fully compensate for the lack of patches, which leave a myriad of unsuspecting users at risk. Alternatively, the report says that various devices on this list are open to third-party firmware with unofficial patches — but going that route will void your warranty (not that it matters much anymore).
Recently, various NAS models from D-Link were found prone to the CVE-2024-10914 vulnerability — but due to EOL concerns, the firm declined to patch them and proposed users purchase new routers instead.
Given D-Link’s recent spate of security flaws in its older devices, this news might deter potential customers or business partners. Nonetheless, if you think it’s time for an upgrade, you can check out our Wi-Fi router list to get the best bang for your buck.
