D-Link says replace vulnerable routers or risk pwnage (www.theregister.com)
from cron@feddit.org to cybersecurity@sh.itjust.works on 21 Nov 2024 08:28
https://feddit.org/post/4950288

Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.

Most of the details about the bug are being kept under wraps given the potential for wide exploitation. The vendor hasn’t assigned it a CVE identifier or really said much about it at all other than that it’s a buffer overflow bug that leads to unauthenticated RCE.

Unauthenticated RCE issues are essentially as bad as vulnerabilities get, and D-Link warned that if customers continued to use the affected products, the devices connected to them would also be put at risk.

#cybersecurity

threaded - newest

spechter@lemmy.ml on 21 Nov 2024 08:37 collapse

One of the models (DSR-150) has been released in 2012, went EOL in May and is listed on Amazon for <190$US.

So honestly, if it’s part of your business’ critical infrastructure you probably threw it out some time ago.

cron@feddit.org on 21 Nov 2024 12:23 collapse

You’re right, these devices are end of life and hopefully not near critical infrastructure.