D-Link says replace vulnerable routers or risk pwnage (www.theregister.com)
from cron@feddit.org to cybersecurity@sh.itjust.works on 21 Nov 08:28
https://feddit.org/post/4950288

Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.

Most of the details about the bug are being kept under wraps given the potential for wide exploitation. The vendor hasn’t assigned it a CVE identifier or really said much about it at all other than that it’s a buffer overflow bug that leads to unauthenticated RCE.

Unauthenticated RCE issues are essentially as bad as vulnerabilities get, and D-Link warned that if customers continued to use the affected products, the devices connected to them would also be put at risk.

#cybersecurity

spechter@lemmy.ml on 21 Nov 08:37

One of the models (DSR-150) was released in 2012, went EOL in May and is listed on Amazon for <190$US.

So honestly, if it’s part of your business’ critical infrastructure you probably threw it out some time ago.

cron@feddit.org on 21 Nov 12:23

You’re right, these devices are end of life and hopefully not near critical infrastructure.