From the offices of D-Link, which is a well-known manufacturer in the technology sector, an urgent request is published for users. They are aimed at owners of several routers that have been affected by a vulnerability that the company has confirmed will not be fixed.
All devices, sooner or later, reach an end of life in which they are left without support from their manufacturers. But the end of support date does not mean that users will stop using these devices overnight. In general, many people stay loyal to their terminals as long as they work. However, D-Link does not want owners of some of its routers to continue using them.
A critical vulnerability
First of all, it is mentioned that the vulnerability was previously discovered by a security expert known as delsploit. When he discovered it, he contacted D-Link to let them know about the problem with the routers in question. From that moment on, they say that they decided to keep part of the information secret with the intention of preventing hackers from taking advantage of the problem to launch massive attacks.
But, in any case, they want users to be aware of what is happening so that they can change their router as soon as possible. The end of service for the affected routers occurred on May 1, 2024, so it is very likely that there are still many users who are using them. The affected models are the following: DSR-150, DSR-150N, DSR-250 and DSR-250N, all of them marketed internationally in their heyday. Furthermore, it is indicated that, more precisely, both the DSR-150 and the DSR-150N are vulnerable in any of their firmware versions. For their part, the DSR-250 and DSR-250N models are only exposed with firmware that is between version 3.13 and 3.17B901C.
What to do if you have one of these routers?
The first thing D-Link says is that you update to the latest firmware version of the routers in question. But then the company itself emphasizes that updating does not provide you with resistance to the existing vulnerability that we have told you about in this news. Therefore, updating the firmware does not seem to be very useful beyond avoiding other possible infections or risks that have not been detected. The company emphasizes that they will not release any type of patch or solution to fix the problem, so the only completely safe solution is to change the router for a new model.
This situation is not new, since it has happened before with other routers and, in fact, it has also happened with more router models from other brands. Some of the devices are updated if they are still active, but D-Link stresses the importance of not making exceptions for outdated models even if serious vulnerabilities are discovered as in this case. They consider that a device that has become obsolete can no longer receive these types of patches and that, therefore, users have to find another solution to avoid risks.
In addition, the company also talks about the possible availability of other unofficial firmware that users have developed. They imply that, although it may seem like a good solution, especially if it promises to fix the vulnerability that has been recently found, doing so would violate the terms of the router’s warranty. Therefore, it would not be the ideal option either due to the possible problems that will be suffered in the future, although if the device is already obsolete, there may not be much interest in trying to maintain the warranty. In any case, the user is the one who has the last word and, what is certain, is that it is not highly recommended to use a router that is exposed to critical vulnerabilities.
