D-Link Systems has issued a warning for six of its router models, urging customers to stop using them right away. Some serious security vulnerabilities have been found in the six models (which have already reached the end of their support cycle). All six discontinued routers have a fatal bug, a “stack buffer overflow vulnerability, which allows unauthenticated users to execute remote code execution.” Basically, any attacker can exploit this vulnerability to infect the router and the devices connected to it, compromising the entire network.
They won’t need the router’s login credentials to get full access to it and, with those elevated privileges, they can potentially capture the traffic (passwords or internet history) or spread malware to downstream devices (rootkits or ransomware).
If you’re using any of the six routers, D-link wants you to replace it with an upgraded model. Plus, the company is throwing in a 20% discount on the newer DSR-250v2 router when you upgrade from one of these discontinued models.
- DSR-150
- DSR-150N
- DSR-250
- DSR-250N
- DSR-500N
- DSR-1000N
“D-Link will be unable to resolve device or firmware issues since all development and customer support has ceased,” the announcement reads. D-link didn’t provide a detailed vulnerability report since the routers aren’t getting any firmware updates or security patches. At the same time, the bug is serious enough that the company is asking people to retire these routers, three of which only reached the end of their update cycle this year.
If you own one of these routers, and you’re waiting for the replacement to arrive or if you’ve decided against replacing it, D-link suggests you keep it updated to the latest firmware available, regularly change the access password, and don’t leave the Wi-Fi unencrypted. Some of these routers have third-party firmware available online that can be installed to extend their lifetime, but D-link cautions against that too.
For more information on solutions for running your businesses’ technology more efficiently, visit our website or contact Megan Meisner at mmeisner@launchpadonline.com or 813 448-7100 x210.
This was originally posted by HowtoGeek.