A few legacy D-Link routers can be vulnerable to Remote Code Execution (RCE) attacks since the company refuses to send any updates to patch them up, claiming they have reached end-of-life, as recently posted on its announcement page.
The vulnerability is a serious issue since it allows hackers to take control from anywhere in the world and use a stack buffer overflow. This attack sends more data than the buffer size can handle, potentially corrupting critical information like the return address. Thus, hackers can take control of your PC. However, the company did not detail how the threat works, possibly not informing the hackers too much about the issue.
The lack of a fix puts users at risk since they are exposed to malware, data theft, spyware installation, DoS attacks, and more. The routers that are at risk include the following:
- DSR-150
- DSR-150N
- DSR-250
- DSR-250N
- DSR-500N
- DSR-1000N
The company’s only solution for those affected is to get a new router, and if that’s what you’re going to do, you may as well buy one of the best routers. Unfortunately, though, four of the listed routers were discontinued this year, which is bad news considering D-Link said, “If a product has reached End of Support (“EOS”) / End of Life (“EOL”), there is normally no further extended support or development for it.”
The 20% discount D-Link offers on new routers is a nice gesture, but the report says many of the listed routers are open to third-party firmware. That’s not a great solution since it voids the warranty.
But let’s face it: when a device becomes obsolete, it makes sense that the company wants to forget about it and concentrate on the new models.
