D-Link has announced that several of its routers have a remote code execution vulnerability. The company does not plan to take any action: these devices have reached the end of their service life, so owners are advised to retire them and purchase new ones instead. The company previously took the same approach with legacy NAS devices.
Attackers could exploit the stack buffer overflow vulnerability to trigger remote code execution. D-Link did not provide details of the detected threat, apparently so as not to make the task easier for cybercriminals. However, the equipment remains vulnerable to data theft and to the installation of malware and spyware; it can also become part of a botnet and participate in DDoS attacks. The issue affects the following router models: DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N and DSR-1000N. Notably, the first four of these devices reached the end of their life cycle only this year.
The manufacturer does not intend to take any action. “If a product has reached End of Support (EOS)/End of Life (EOL), it generally will not receive extended support or development,” D-Link said in a statement. US consumers who own these devices are offered a 20% discount on the purchase of devices from the same brand. Alternative firmware can also be installed on vulnerable routers; this will void the warranty, but in this case that apparently no longer matters.
It was reported earlier that several network attached storage (NAS) models from D-Link are susceptible to the CVE-2024-10914 vulnerability. The manufacturer said that these devices had also reached the end of their service life and that the company would not take any action; consumers were advised to buy newer models.