SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

D-Link Warns of RCE Vulnerability in Legacy Routers

Six discontinued D-Link router models are affected by a remote code execution (RCE) vulnerability that will not be patched.
D-Link vulnerabilities

D-Link this week issued an alert on a remote code execution (RCE) vulnerability affecting six router models that have been discontinued.

The issue, which does not have a CVE identifier, is described as a buffer overflow that could be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable products.

According to D-Link, all hardware revisions of its DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N router models are affected by this security defect and no patch will be released for them.

“This exploit affects this legacy D-Link router and all hardware revisions, which have reached their End of Life (EOL)/End of Service Life (EOS) Life-Cycle. Products that have reached their EOL/EOS no longer receive device software updates and security patches and are no longer supported,” D-Link notes in its advisory.

The DSR-150, DSR-150N, DSR-250, and DSR-250N routers were discontinued on May 1 this year, while the DSR-500N and DSR-1000N routers were discontinued nine years ago.

The company recommends that users of these devices replace them with newer, supported products. For US users of the affected devices, the company is offering a newer router model at a discounted price.

Advertisement. Scroll to continue reading.

D-Link has credited security researcher ‘delsploit’ for identifying and reporting the vulnerability, but has refrained from providing technical information on the bug.

Users should consider replacing their legacy devices as soon as possible. Threat actors are known to have targeted vulnerable D-Link products that are no longer supported.

Exploitation of CVE-2024-10914, a critical-severity command injection bug in multiple discontinued D-Link NAS models, started within days after the networking hardware and telecoms equipment manufacturer publicly disclosed it earlier this month.

Related: D-Link Patches Critical Router Vulnerabilities

Related: D-Link Warns of Code Execution Flaws in Discontinued Router Model

Related: PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens

Related: Critical Flaws Found in NetComm Industrial Routers

Related: Reigning in ‘Out-of-Control’ Devices

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: A Step-by-Step Approach to AI Governance
April 28, 2026

With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

Chris Sistrunk has been promoted to Practice Leader for Mandiant's OT Security Consulting.

Nudge Security has appointed Patrick Dillon as its Chief Revenue Officer.

AutoNation has appointed Brian Fricke as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.