
D-Link has updated a security advisory warning of a critical buffer overflow vulnerability affecting several end-of-life routers. The vulnerability, tracked as CVE-2024-57376 and assigned a CVSS score of 8.8, could allow unauthenticated attackers to execute arbitrary code on affected devices, potentially leading to complete system compromise.
The affected routers, including D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N, reached end-of-life (EOL) status in 2015 and 2024, so they no longer receive security updates or support from D-Link. Many users may still be running these devices, which leaves them exposed to this flaw.
“This exploit affects the DSR-150 / DSR-150N / DSR-250 / DSR-250N routers, all of which reached End of Life (‘EOL’)/End of Support (‘EOS’) for their hardware versions and firmware no later than 05/01/2024,” states the D-Link advisory.
The vulnerability can be exploited remotely by unauthenticated attackers, making it particularly dangerous. Successful exploitation could allow attackers to:
- Take complete control of the router
- Intercept and manipulate network traffic
- Launch attacks against other devices on the network
- Steal sensitive data
- Install malware
Since the affected routers have reached EOL, no security patches will be released to address this vulnerability. D-Link recommends users take the following actions:
- Upgrade to a newer product: This is the most effective way to mitigate the risk.
- Implement additional security measures: Consider using a firewall or other security appliances to protect the network.
- Perform data backup and manage risks: Regularly back up important data and assess the risks associated with using EOL devices.
- Contact D-Link for further recommendations: Users can reach out to D-Link for additional guidance on mitigating the risk.