D-Link won't patch its older VPN routers, leaving critical vulnerability unaddressed
techspot.com
A hot potato: D-Link is strongly recommending that users of its older VPN routers replace the devices following the discovery of a serious remote code execution (RCE) vulnerability. As the models have reached their end of life and end of support dates, they won't be patched to protect against the flaw.
The vulnerability, reported to D-Link by security researcher 'delsploit,' hasn't been assigned a CVE identifier. The technical details have not been revealed, either, giving customers time to react before cybercriminals start attempting to exploit it. We do know that it's a stack buffer overflow vulnerability, which allows unauthenticated users to execute remote code execution.
All hardware versions and firmware versions of the following devices have been affected:
- DSR-150 (EOL May 2024)
- DSR-150N (EOL May 2024)
- DSR-250 (EOL May 2024)
- DSR-250N (EOL May 2024)
- DSR-500N (EOL September 2015)
- DSR-1000N (EOL October 2015)
D-Link emphasizes that it will ...
Copyright of this story solely belongs to techspot.com . To see the full text click HERE