SecurityWeek

D-Link Warns of RCE Vulnerability in Legacy Routers

Six discontinued D-Link router models are affected by a remote code execution (RCE) vulnerability that will not be patched.

D-Link this week issued an alert on a remote code execution (RCE) vulnerability affecting six router models that have been discontinued.

The issue, which does not have a CVE identifier, is described as a buffer overflow that could be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable products.

According to D-Link, all hardware revisions of its DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N router models are affected by this security defect and no patch will be released for them.

“This exploit affects this legacy D-Link router and all hardware revisions, which have reached their End of Life (EOL)/End of Service Life (EOS) Life-Cycle. Products that have reached their EOL/EOS no longer receive device software updates and security patches and are no longer supported,” D-Link notes in its advisory.

The DSR-150, DSR-150N, DSR-250, and DSR-250N routers were discontinued on May 1 this year, while the DSR-500N and DSR-1000N routers were discontinued nine years ago.

The company recommends that users of these devices replace them with newer, supported products. For US users of the affected devices, the company is offering a newer router model at a discounted price.

D-Link has credited security researcher ‘delsploit’ for identifying and reporting the vulnerability, but has refrained from providing technical information on the bug.

Users should consider replacing their legacy devices as soon as possible. Threat actors are known to have targeted vulnerable D-Link products that are no longer supported.

Exploitation of CVE-2024-10914, a critical-severity command injection bug in multiple discontinued D-Link NAS models, started within days after the networking hardware and telecoms equipment manufacturer publicly disclosed it earlier this month.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
