D-Link has issued an urgent advisory for users of its DSR-150, DSR-150N, DSR-250, and DSR-250N VPN routers, citing a critical stack buffer overflow vulnerability that could allow remote code execution by unauthenticated attackers.
These devices, which have reached their End-of-Life (EoL) and End-of-Service (EoS) status as of May 2024, no longer receive firmware updates or security patches, leaving users exposed to significant cyber risks.
Vulnerability overview
The vulnerability was discovered and reported by a security researcher using the alias “delsploit.” It is a stack buffer overflow affecting all hardware revisions of the DSR-150, DSR-150N, DSR-250, and DSR-250N routers running firmware versions 3.13 through 3.17B901C.
This flaw could allow attackers to execute malicious code remotely without authentication. D-Link has confirmed the issue and issued a notice urging immediate replacement of these routers, as no further fixes or firmware updates will be provided.
The DSR-150 and DSR-250 series routers are commonly used by small businesses and home offices for their VPN capabilities, enabling remote access to internal networks. Because a VPN endpoint is exposed to the Internet by design, an unauthenticated flaw in one is reachable by anyone who can find the device. Despite their popularity, these devices have now been discontinued, and their lack of ongoing support significantly increases the risk of exploitation.
D-Link has emphasized that continued use of these routers exposes connected devices and networks to cyber threats. The company recommends replacing them with newer, actively supported models to ensure security.
A recurring pattern
This advisory marks the third major warning from D-Link in recent weeks concerning vulnerabilities in its legacy products:
- November 8, 2024: A command injection vulnerability (CVE-2024-10914) in over 61,000 D-Link NAS devices was revealed. This flaw allowed unauthenticated attackers to execute arbitrary commands, leading to data theft, ransomware deployment, and potential system compromises.
- November 12, 2024: Security researchers identified multiple critical flaws (CVE-2024-11066, CVE-2024-11067, CVE-2024-11068) in D-Link DSL6740C modems, exposing 59,000 units to unauthorized access, command execution, and sensitive data breaches.
Each incident has highlighted the risks posed by D-Link's unsupported devices and underscored the importance of migrating away from legacy hardware. Unfortunately, replacement is logistically and practically difficult for many users worldwide, so the associated risks persist long after the advisories are published.
To safeguard networks and devices, D-Link has issued the following guidance for users of EoL/EoS products:
- Immediately replace affected routers with modern, supported alternatives.
- If continued use is unavoidable, ensure the router is running the latest firmware version from D-Link's legacy archive. Note that this does not address the flaw described here, which will not be patched.
- Set a unique, strong password for the device's web interface, change it periodically, and enable strong Wi-Fi encryption. Because the flaw is exploitable without authentication, credential hygiene limits other abuse but does not block this vulnerability.
- Avoid connecting unsupported routers directly to sensitive or critical networks.
- Regularly review logs for unusual activity that may indicate exploitation attempts.
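As an added example (not code from D-Link or from this article), the following Python script triages a router inventory against the advisory: every listed model is EoL and gets a replace verdict, and the firmware string is additionally checked against the 3.13 through 3.17B901C range the advisory names. The version-string format (major.minor, optional B-build number, optional letter suffix) and its ordering are assumptions, as are the sample hostnames and firmware values.

```python
"""Triage a router inventory against the D-Link DSR advisory discussed above.

Added example, not D-Link's or the article's code. Assumed (not from D-Link):
firmware strings look like "3.17B901C" (major.minor, optional 'B'+build,
optional letter suffix), and builds/suffixes order numerically/alphabetically.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

# Models and firmware range as stated in the advisory text above.
EOL_MODELS = {"DSR-150", "DSR-150N", "DSR-250", "DSR-250N"}
AFFECTED_LOW = "3.13"
AFFECTED_HIGH = "3.17B901C"

# Assumed format: <major>.<minor>[B<build>][<suffix letter>]
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:B(\d+))?([A-Za-z]?)\s*$")


def parse_version(fw: str) -> Tuple[int, int, int, str]:
    """'3.17B901C' -> (3, 17, 901, 'C'). Missing build/suffix sort lowest."""
    m = _VERSION_RE.match(fw)
    if not m:
        raise ValueError(f"unrecognised firmware string: {fw!r}")
    major, minor, build, suffix = m.groups()
    return (int(major), int(minor), int(build) if build else 0, suffix.upper())


def in_affected_range(fw: str) -> bool:
    """True when fw is within 3.13 .. 3.17B901C inclusive (the stated range)."""
    return parse_version(AFFECTED_LOW) <= parse_version(fw) <= parse_version(AFFECTED_HIGH)


class Device(NamedTuple):
    host: str
    model: str
    firmware: str


def triage(devices: List[Device]) -> Dict[str, str]:
    """Map each host to a verdict.

    Every listed model is EoL and gets a 'replace' verdict regardless of
    version; the firmware check only tells you whether the device is also
    inside the range the advisory names. No version of these models is patched.
    """
    verdicts: Dict[str, str] = {}
    for d in devices:
        if d.model.upper() not in EOL_MODELS:
            verdicts[d.host] = "not an affected model"
            continue
        try:
            vulnerable = in_affected_range(d.firmware)
        except ValueError:
            verdicts[d.host] = "EoL model, firmware unreadable: replace"
            continue
        if vulnerable:
            verdicts[d.host] = "EoL model, in affected range: replace now"
        else:
            verdicts[d.host] = "EoL model, outside stated range: replace (no patches)"
    return verdicts


# Constructed sample inventory; hostnames and firmware values are made up.
SAMPLE_INVENTORY = [
    Device("branch-gw-1", "DSR-250N", "3.17B901C"),
    Device("branch-gw-2", "DSR-150", "3.14B302"),
    Device("lab-gw", "DSR-250", "3.12B101"),
    Device("office-gw", "DIR-882", "1.30B06"),
    Device("old-gw", "dsr-150n", "unknown"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {verdict}")
```

A firmware string outside the stated range is not evidence of safety: since no fix will ship for these models, the script returns a replace verdict for every listed model and only uses the version to distinguish confirmed in-range devices from the rest.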