Critical Security Flaw in Legacy D-Link Routers Leaves Users Vulnerable
D-Link advises users to replace affected routers, as no patches will be issued for end-of-life models with a severe remote code execution vulnerability.
- A remote code execution (RCE) vulnerability has been identified in several older D-Link router models, including the DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N.
- The vulnerability, caused by a stack buffer overflow, allows unauthenticated attackers to execute malicious code remotely, potentially exposing users to malware, data theft, and other cyber threats.
- D-Link has stated it will not release patches for these routers, as they have reached end-of-life (EOL) or end-of-support (EOS) status; some models were discontinued as recently as May 2024 and others as far back as 2015.
- The company is offering a 20% discount on newer router models, such as the DSR-250v2, as a replacement option for affected users.
- Security experts warn that continued use of these routers puts connected devices at significant risk. Users are encouraged to upgrade or to explore third-party firmware, though installing third-party firmware voids the warranty.