D-Link this week issued an alert on a remote code execution (RCE) vulnerability affecting six router models that have been discontinued.
The issue, which does not have a CVE identifier, is described as a buffer overflow that could be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable products.
According to D-Link, all hardware revisions of its DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N router models are affected by this security defect and no patch will be released for them.
“This exploit affects this legacy D-Link router and all hardware revisions, which have reached their End of Life (EOL)/End of Service Life (EOS) Life-Cycle. Products that have reached their EOL/EOS no longer receive device software updates and security patches and are no longer supported,” D-Link notes in its advisory.
The DSR-150, DSR-150N, DSR-250, and DSR-250N routers were discontinued on May 1 this year, while the DSR-500N and DSR-1000N routers were discontinued nine years ago.
The company recommends that users of these devices replace them with newer, supported products. For US users of the affected devices, the company is offering a newer router model at a discounted price.
D-Link has credited security researcher ‘delsploit’ for identifying and reporting the vulnerability, but has refrained from providing technical information on the bug.
Users should consider replacing their legacy devices as soon as possible. Threat actors are known to have targeted vulnerable D-Link products that are no longer supported.
Exploitation of CVE-2024-10914, a critical-severity command injection bug in multiple discontinued D-Link NAS models, started within days after the networking hardware and telecoms equipment manufacturer publicly disclosed it earlier this month.
Related: D-Link Patches Critical Router Vulnerabilities
Related: D-Link Warns of Code Execution Flaws in Discontinued Router Model
Related: PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens
Related: Critical Flaws Found in NetComm Industrial Routers
Related: Reigning in ‘Out-of-Control’ Devices