D-Link refuses to patch yet another security flaw, suggests users just buy new routers — D-Link told users to replace NAS last week

Source: Tom's Hardware added 20th Nov 2024

  • d-link-refuses-to-patch-yet-another-security-flaw,-suggests-users-just-buy-new-routers-—-d-link-told-users-to-replace-nas-last-week

(Image credit: D-Link)

A handful of legacy D-Link routers are susceptible to RCE (Remote Code Execution) threats as the company outright refuses to offer patches, stating that the devices have reached EOL (End Of Life) and suggests users trash them instead. This report follows a previous incident where D-Link failed to patch over 60,000 NAS devices and recommended users purchase newer models.

Going over the advisory, D-Link says attackers can execute code remotely (RCE) on these routers owing to a stack buffer overflow vulnerability. D-Link didn’t share the exact specifics of this threat, possibly to ward off potential hackers. Even so, this unleashes a pandora’s box of possible threats, including, but not limited to, data theft, malware and spyware installation, and DoS attacks. 

In other words, if you own the following routers: DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, or DSR-1000N; your data and privacy are at serious risk. A quick look over the report shows that four out of six of these routers were discontinued just this year. And — to no one’s surprise — D-Link explicitly says, “If a product has reached End of Support (“EOS”) / End of Life (“EOL”), there is normally no further extended support or development for it.”

Here’s a list of the specific models in question:

Swipe to scroll horizontally

Model End Of Life Date
DSR-150 May 1, 2024
DSR-150N May 1, 2024
DSR-250 May 1, 2024
DSR-250N May 1, 2024
DSR-500N September 30, 2015
DSR-1000N October 30, 2015

“D-Link US is prohibited to provide support for these EOL/EOS products. D-Link strongly recommends that this product be retired and cautions that any further use of this product may be a risk to devices connected to it.”

D-Link

Users in the U.S. can snag a newer model at discounted rates — but that doesn’t compensate for the lack of patches, which leave a myriad of unsuspecting users at risk. Alternatively, the report says that various devices on this list are open to third-party firmware with unofficial patches — but going that route will void your warranty (not that it matters much, anymore).

Just recently, various NAS models from D-Link were found prone to the CVE-2024-10914 vulnerability — but, due to EOL concerns, the firm declined to patch them and proposed users purchase new routers instead.

Given D-Link’s disregard for security flaws in its devices, this news might deter potential customers or business partners. Nonetheless, if you think it’s time for an upgrade, you can check out our Wi-Fi router list to get the best bang for your buck.

Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.

Hassam Nasir is a die-hard hardware enthusiast with years of experience as a tech editor and writer, focusing on detailed CPU comparisons and general hardware news. When he’s not working, you’ll find him bending tubes for his ever-evolving custom water-loop gaming rig or benchmarking the latest CPUs and GPUs just for fun.

Read the full article at Tom's Hardware

media: Tom's Hardware  

Related posts


Notice: Undefined variable: all_related in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 88

Notice: Undefined variable: all_related in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 88

Related Products



Notice: Undefined variable: all_related in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 91

Warning: Invalid argument supplied for foreach() in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 91