D-Link refuses to patch yet another security flaw, suggests users just buy new routers — D-Link told users to replace NAS last week

[Pelican Press 0]

This is the hidden content, please

• Sign In
• or
• Sign Up

D-Link refuses to patch yet another security flaw, suggests users just buy new routers — D-Link told users to replace NAS last week

A handful of legacy D-Link routers are susceptible to RCE (Remote Code **********) threats as the company outright

This is the hidden content, please

• Sign In
• or
• Sign Up

to offer patches, stating that the devices have reached EOL (End Of Life) and suggests users trash them instead. This report follows a previous incident where D-Link ******* to patch over 60,000 NAS devices and recommended users purchase newer models.

Going over the advisory, D-Link says attackers can ******** code remotely (RCE) on these routers owing to a stack buffer overflow vulnerability. D-Link didn’t share the exact specifics of this threat, possibly to ward off potential hackers. Even so, this unleashes a pandora’s box of possible threats, including, but not limited to, data theft, malware and spyware installation, and DoS attacks. 

In other words, if you own the following routers: DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, or DSR-1000N; your data and privacy are at serious risk. A quick look over the report shows that four out of six of these routers were discontinued just this year. And — to no one’s surprise — D-Link explicitly says, “If a product has reached End of Support (“EOS”) / End of Life (“EOL”), there is normally no further extended support or development for it.”

Here’s a list of the specific models in question:

Swipe to scroll horizontally

Model	End Of Life Date
DSR-150	May 1, 2024
DSR-150N	May 1, 2024
DSR-250	May 1, 2024
DSR-250N	May 1, 2024
DSR-500N	September 30, 2015
DSR-1000N	October 30, 2015

“D-Link US is prohibited to provide support for these EOL/EOS products. D-Link strongly recommends that this product be retired and cautions that any further use of this product may be a risk to devices connected to it.”

D-Link

Users in the U.S. can snag a newer model at discounted rates — but that doesn’t compensate for the lack of patches, which leave a myriad of unsuspecting users at risk. Alternatively, the report says that various devices on this list are open to third-party firmware with unofficial patches — but going that route will void your warranty (not that it matters much, anymore).

Just recently, various NAS models from D-Link were found prone to the CVE-2024-10914 vulnerability — but, due to EOL concerns, the firm declined to patch them and proposed users purchase new routers instead.

Given D-Link’s disregard for security flaws in its devices, this news might deter potential customers or business partners. Nonetheless, if you think it’s time for an upgrade, you can check out our Wi-Fi router list to get the best bang for your buck.

Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.

This is the hidden content, please

• Sign In
• or
• Sign Up

#DLink #refuses #patch #security #flaw #suggests #users #buy #routers #DLink #told #users #replace #NAS #week

This is the hidden content, please

• Sign In
• or
• Sign Up

This is the hidden content, please

• Sign In
• or
• Sign Up